Veracode Vulnerability DatabaseVERACODE:41444Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
29.6%
@feathersjs/transport-commons is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to invalid string conversions such as ${{ toString: '' }}, which causes the Feathers socket handler to crash the NodeJS process because its unable to handle invalid string conversions.
References
github.com/advisories/GHSA-hhr9-rh25-hvf9
github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19
github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19
github.com/feathersjs/feathers/commit/0b9a6b19b12ad05934e4c8bd9917448ed39d1ed8
github.com/feathersjs/feathers/commit/c397ab3a0cd184044ae4f73540549b30a396821c
github.com/feathersjs/feathers/pull/3241
github.com/feathersjs/feathers/pull/3242
github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
29.6%