5373 matches found
UBUNTU-CVE-2023-23602
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
CVE-2023-23602
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Mozilla Firefox ESR < 102.7
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-02 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and...
GHSA-CM8H-Q92V-XCFC mercurius has Uncaught Exception when using subscriptions
Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. Patches This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2. Workarounds...
mercurius has Uncaught Exception when using subscriptions
Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. Patches This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2. Workarounds...
CVE-2023-22477
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...
Code injection
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...
CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...
CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...
CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions
Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...
Mercurius 安全漏洞
Mercurius is a GraphQL adapter Fastify. A security vulnerability exists in Mercurius versions prior to 10.5.0, which is caused by a denial of service attack when any user sends an incorrectly formatted packet to "/graphql" via WebSocket...
PT-2023-18529 · Mercurius · Mercurius
Name of the Vulnerable Software and Affected Versions: Mercurius versions prior to 11.5.0 Description: Mercurius is a GraphQL adapter for Fastify. The issue allows for a denial of service attack by sending a malformed packet over WebSocket to "/graphql". This can affect any users of Mercurius...
PT-2023-10141 · Lukehutch · Gribbit
Name of the Vulnerable Software and Affected Versions: lukehutch Gribbit affected versions not specified Description: A problematic issue was found in lukehutch Gribbit, affecting the messageReceived function of the file src/gribbit/request/HttpRequestHandler.java. This issue leads to missing...
CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload
Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...
destiny.gg chat 跨站请求伪造漏洞
destiny.gg chat is destiny.gg open source a destin.gg chat backend. destiny.gg chat suffers from a cross-site request forgery vulnerability that stems from a problem with the function websocket.Upgrader in the file main.go, which could lead to cross-site request forgery...
PT-2022-9020 · Unknown · Destiny.Gg Chat
Name of the Vulnerable Software and Affected Versions: destiny.gg chat affected versions not specified Description: A vulnerability was found in the destiny.gg chat, affecting the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery, and the attack...
New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network
NOTE: In this blog, Zerobot refers to a botnet that spreads primarily through IoT and web application vulnerabilities. It is not associated with the chatbot ZeroBot.ai. A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen...
The vulnerability of WebSocket functions in WebKitGTK and WPE WebKit rendering modules allows attackers to execute arbitrary code.
The vulnerability of WebSocket functions in WebKitGTK and WPE WebKit implementations relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code by opening a specially created web page...
tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS
A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from...