Filtered by vendor Websocket-extensions Project
Subscribe
Filtered by product Websocket-extensions
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7663 | 1 Websocket-extensions Project | 1 Websocket-extensions | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. | |||||
CVE-2020-7662 | 1 Websocket-extensions Project | 1 Websocket-extensions | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. |