CPANSA-SockJS-2020-7693-sockjs: SockJS vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2020-07-09T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2020-07-09T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	5.3	Severity
Original language		Language	en
Also referred to

Vulnerability Description

Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.

Vulnerabilities

CVE-2020-7693

Vulnerability Description

Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.

Weakness	CWE-755 : Improper Handling of Exceptional Conditions

Product status

Known affected

Product

Score

SockJS greater than or equal 0.03 and less than or equal 0.10

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	5.3	Medium
2.0	AV:N/AC:L/Au:N/C:N/I:N/A:P	5.0	Medium

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-SockJS-2020-7693-sockjs JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2020/cpansa-sockjs-2020-7693-sockjs.json
https://nvd.nist.gov/vuln/detail/CVE-2020-7693 external
https://nvd.nist.gov/vuln/detail/CVE-2020-7693
CVE-2020-7693 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2020-7693

Revision history

Version	Date of the revision	Summary of the revision
1	Thu Jul 9 00:00:00 2020	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/