2 matches found
CVE-2020-8823
SockJS contains a reflected XSS in htmlfile.js (lib/transport/htmlfile.js) exploitable via the /htmlfile callback parameter. Affected: SockJS prior to 0.3.0 (per CVE-2020-8823) with the issue described as Reflected XSS. Root cause is improper handling of non-alphanumeric characters in the callbac...
CVE-2020-7693
CVE-2020-7693 affects SockJS sockjs-node before 0.3.20. The issue is caused by improper handling of the Upgrade header with the value websocket, which can crash containers hosting SockJS apps. Severity per CVSS indicates a MEDIUM impact (availability impact = LOW). Remediation: upgrade SockJS to ...