RSS   Vulnerabilities for 'Sockjs'   RSS

2020-07-09
 
CVE-2020-7693

CWE-20
 

 
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.

 
2020-02-10
 
CVE-2020-8823

CWE-79
 

 
htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top