CVE-2020-7693

Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
snykCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
sockjs_projectsockjs
𝑥
< 0.3.20
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
node-socks
bookworm
2.7.1+dfsg-2
fixed
sid
2.7.1+dfsg-3
fixed
trixie
2.7.1+dfsg-3
fixed
Common Weakness Enumeration
References
https://github.com/andsnw/sockjs-dos-py
https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16
https://github.com/sockjs/sockjs-node/issues/252
https://github.com/sockjs/sockjs-node/pull/265
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448
https://snyk.io/vuln/SNYK-JS-SOCKJS-575261
https://github.com/andsnw/sockjs-dos-py
https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16
https://github.com/sockjs/sockjs-node/issues/252
https://github.com/sockjs/sockjs-node/pull/265
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448
https://snyk.io/vuln/SNYK-JS-SOCKJS-575261