CVE-2020-7693

Exploit

EPSS 4.98%
Veröffentlicht 09.07.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 05:37:37
Quelle report@snyk.io
CVE-Watchlists
Login
Unerledigt
Login

Denial of Service (DoS)

Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sockjs Project ≫ Sockjs SwPlatformnode.js Version < 0.3.20

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.98%	0.911

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
report@snyk.io	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://github.com/andsnw/sockjs-dos-py

Third Party Advisory

Exploit

https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16

Patch

Third Party Advisory

https://github.com/sockjs/sockjs-node/issues/252

Patch

Third Party Advisory

Exploit

https://github.com/sockjs/sockjs-node/pull/265

Patch

Third Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448

Third Party Advisory

Exploit

https://snyk.io/vuln/SNYK-JS-SOCKJS-575261

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-7693

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7693

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7693

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-7693