Lucene search
SnykCVELIST:CVE-2020-7662HistoryJun 02, 2020 - 6:28 p.m.
CVE-2020-7662
2020-06-0218:28:46
snyk
www.cve.org
6
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.
CNA Affected
[
{
"product": "websocket-extensions (npm)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.1.4"
}
]
}
]Related
githubexploit
githubexploit
Exploit for CVE-2020-7662
2020-12-01 09:45:48
nodejs
nodejs
Regular Expression Denial of Service
2021-05-13 20:29:46
osv
osv
Regular Expression Denial of Service in websocket-extensions (NPM package)
2020-06-05 16:16:12
CVE-2020-7662
2020-06-02 19:15:12
cve
cve
CVE-2020-7662
2020-06-02 19:15:12
github
github
Regular Expression Denial of Service in websocket-extensions (NPM package)
2020-06-05 16:16:12
redhatcve
redhatcve
CVE-2020-7662
2021-07-18 01:58:45
prion
prion
Design/Logic Flaw
2020-06-02 19:15:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2020-06-03 02:15:15
nvd
nvd
CVE-2020-7662
2020-06-02 19:15:12
checkpoint_advisories
checkpoint_advisories
Websocket Extensions Denial of Service (CVE-2020-7662; CVE-2020-7663)
2020-06-16 00:00:00
redhat
redhat
nessus
nessus
ibm
ibm