HIGH🇵🇱 Wersja polska

CVE-2023-30591

CVSS 7.5v3.1pub. 2023-09-29upd. 2024-11-21

Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Nodebb

    APP
    Nodebb
    ≤ 2.8.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-43187CRITICAL9.8ten sam produkt

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software pri...

CVE-2023-26045CRITICAL10.0ten sam produkt

NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use o...

CVE-2022-46164CRITICAL9.4ten sam produkt

NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in so...

CVE-2022-36045CRITICAL9.0ten sam produkt

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It u...

CVE-2021-43787CRITICAL9.0ten sam produkt

Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerabilit...