Vulnerability Description
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sockjs Project | Sockjs | < 0.3.20 |
Related Weaknesses (CWE)
References
- https://github.com/andsnw/sockjs-dos-py (Exploit, Third Party Advisory)
- https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e0 (Patch, Third Party Advisory)
- https://github.com/sockjs/sockjs-node/issues/252 (Exploit, Patch, Third Party Advisory)
- https://github.com/sockjs/sockjs-node/pull/265 (Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448 (Exploit, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-SOCKJS-575261 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-7693?
CVE-2020-7693 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
How severe is CVE-2020-7693?
CVE-2020-7693 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-7693?
Check the references section above for vendor advisories and patch information. Affected products include: Sockjs Project Sockjs.