HIGH🇬🇧 English

CVE-2023-37899

CVSS 7.5v3.1pub. 2023-07-19upd. 2024-11-21

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Feathersjs Feathers

    APP
    Feathersjs
    < 4.5.185.0.0 – 5.0.8 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-29792CRITICAL9.3PL ✓ten sam produkt

Feathers.js: pominięcie uwierzytelnienia OAuth umożliwia przejęcie konta

CVE-2026-29793CRITICAL9.3PL ✓ten sam produkt

Feathers.js – wstrzyknięcie operatorów MongoDB przez Socket.IO (NoSQL Injection)

CVE-2026-27191HIGH7.4ten sam produkt

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Vers...

CVE-2026-27192HIGH7.6ten sam produkt

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In v...

CVE-2026-27193HIGH8.2ten sam produkt

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In v...