Websocket-Extensions Project Websocket-Extensions vulnerabilities
2 known vulnerabilities affecting websocket-extensions_project/websocket-extensions.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2020-7663HIGHCVSS 7.5fixed in 0.1.52020-06-02
CVE-2020-7663 [HIGH] CVE-2020-7663: websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtrackin
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial
ghsanvdosv
CVE-2020-7662HIGHCVSS 7.5fixed in 0.1.42020-06-02
CVE-2020-7662 [HIGH] CVE-2020-7662: websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial
ghsanvdosv