6 matches found
CVE-2023-37899
CVE-2023-37899 concerns Feathersjs: the socket handler fails to catch invalid string conversion errors (e.g., a crafted toString object), causing Node.js to crash on unexpected Socket.io messages. A fix is available in Feathers versions 5.0.8 and 4.5.18; users should upgrade. There is no known wo...
CVE-2026-27191
Feathersjs (Feathers) Open Redirect in OAuth callback (CVE-2026-27191) affects versions 5.0.39 and earlier where the redirect query parameter is appended to the base origin without validation. This allows an attacker to steal victims’ access tokens via URL authority injection, leading to account ...
CVE-2026-29793
Feathersjs vulnerability CVE-2026-29793 affects Feathersjs 5.0.0–5.0.41 with Socket.IO client-supplied ids not type-checked, which may pass as MongoDB operators (e.g., {$ne: null}) into queries via the MongoDB adapter. This can cause unintended document matches and impacts on confidentiality, int...
CVE-2026-27193
Feathersjs versions ≤ 5.0.39 store all HTTP request headers in the signed but unencrypted session cookie. The complete headers object (including internal proxy/gateway headers, API keys, tokens, and internal IPs) is base64-encoded in the cookie and readable by clients, exposing sensitive infrastr...
CVE-2026-29792
Feathersjs (v5.0.0–5.0.41) is vulnerable to an unauthenticated bypass in the OAuth callback endpoint. A forged profile sent via the query string to /oauth/:provider/callback can trigger a fallback path that reads params.query when Grant’s session/state is empty, allowing an attacker to drive enti...
CVE-2026-27192
Feathersjs vulnerability CVE-2026-27192 affects 5.0.39 and earlier. The origin validation in getAllowedOrigin() uses startsWith() to compare Referer against allowed origins, which can be bypassed by registering a domain with a shared prefix (e.g., https://target.com.attacker.com vs https://target...