5.3

CVE-2020-7693

Exploit
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sockjs ProjectSockjs SwPlatformnode.js Version < 0.3.20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.95% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
report@snyk.io 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://github.com/andsnw/sockjs-dos-py
Third Party Advisory
Exploit
https://github.com/sockjs/sockjs-node/issues/252
Patch
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JS-SOCKJS-575261
Third Party Advisory
Exploit