Description
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
Recommendation
Update the sockjs package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.3.20
- Patched version(s): 0.3.20
References
Related Issues
- Cross-site scripting in SocksJS-node - CVE-2020-8823
- Improper Input Validation in vriteio/vrite - CVE-2023-5571
- Cisco node-jose improper validation of JWT signature - CVE-2018-0114
- Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation - CVE-2026-45013
You might also like:
- Tags:
- npm
- sockjs
Anything's wrong? Let us know Last updated on February 01, 2023