7.5

CVE-2022-39386

EPSS 0.32%
Veröffentlicht 08.11.2022 22:15:15
Zuletzt bearbeitet 21.11.2024 07:18:11
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fastify ≫ Websocket SwPlatformnode.js Version >= 6.0.0 < 7.1.1

Fastify ≫ Websocket Version5.0.0 SwPlatformnode.js

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.543

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

https://github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-39386

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-39386

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-39386

EUVD