CVE-2020-7693 Information
Feb 14, 2021
cve
Description
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Reference
https://github.com/andsnw/sockjs-dos-py
https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16
https://github.com/sockjs/sockjs-node/issues/252
https://github.com/sockjs/sockjs-node/pull/265
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448
https://snyk.io/vuln/SNYK-JS-SOCKJS-575261
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
Base Score
5.3
Base Severity
MEDIUM