Feathersjs

Feathers

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-27193

  • EPSS 0.03%
  • Veröffentlicht 21.02.2026 04:09:06
  • Zuletzt bearbeitet 25.02.2026 15:12:35

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the session cookie, which is signed but not encrypted, exposing internal pr...

8.1

CVE-2026-27192

  • EPSS 0.02%
  • Veröffentlicht 21.02.2026 03:50:35
  • Zuletzt bearbeitet 25.02.2026 15:12:45

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith() for comparison, allowing attackers to bypass the check by registering a domain...

6.1

CVE-2026-27191

  • EPSS 0.03%
  • Veröffentlicht 21.02.2026 03:23:28
  • Zuletzt bearbeitet 25.02.2026 15:12:58

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tok...

7.5

CVE-2023-37899

Exploit
  • EPSS 0.2%
  • Veröffentlicht 19.07.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:12:25

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS p...