7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.015 Low
EPSS
Percentile
86.8%
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service
(DoS) via Regex Backtracking. The extension parser may take quadratic time
when parsing a header containing an unclosed string parameter value whose
content is a repeating two-byte sequence of a backslash and some other
character. This could be abused by an attacker to conduct Regex Denial Of
Service (ReDoS) on a single-threaded server by providing a malicious
payload with the Sec-WebSocket-Extensions header.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | ruby-websocket-extensions | < 0.1.2-1+deb9u1build0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | ruby-websocket-extensions | < 0.1.2-1+deb9u1build0.20.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | ruby-websocket-extensions | < 0.1.2-1+deb9u1build0.16.04.1 | UNKNOWN |
blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions
github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
launchpad.net/bugs/cve/CVE-2020-7663
nvd.nist.gov/vuln/detail/CVE-2020-7663
security-tracker.debian.org/tracker/CVE-2020-7663
snyk.io/vuln/SNYK-RUBY-WEBSOCKETEXTENSIONS-570830
ubuntu.com/security/notices/USN-4502-1
www.cve.org/CVERecord?id=CVE-2020-7663
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.015 Low
EPSS
Percentile
86.8%