Dec 27, 2022 - 9:13 p.m.

CVE-2021-4236 Panic or authentication bypass in github.com/ecnepsnai/web

2022-12-27 21:13:45
Go
www.cve.org
cve-2021-4236
web sockets
authentication bypass
github

AI Score: 9.9 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 54.4%)

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
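
The failure mode described above, modelled as an added Go example (not code from github.com/ecnepsnai/web or from the CVE record). Every type and function name below is a hypothetical stand-in for the library's socket handler and authentication hook; the block places a socket path that skips the hook beside one that runs it and rejects a nil result.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model of the flaw, not the API of github.com/ecnepsnai/web.
type UserData struct{ Name string }
type Request struct{ Token string }
type AuthHook func(r *Request) *UserData // nil result means "not authenticated"
type SocketHandler func(r *Request, u *UserData) string

var ErrUnauthorized = errors.New("unauthorized")

// vulnerableSocket models the affected behaviour: the hook is never run and UserData is always nil.
func vulnerableSocket(h SocketHandler, _ AuthHook, r *Request) (string, error) {
	return h(r, nil), nil
}

// fixedSocket runs the hook before the handler and rejects a nil result.
func fixedSocket(h SocketHandler, auth AuthHook, r *Request) (string, error) {
	var u *UserData
	if auth != nil {
		if u = auth(r); u == nil {
			return "", ErrUnauthorized
		}
	}
	return h(r, u), nil
}

// tokenAuth is a constructed hook: only the sample token "s3cret" authenticates.
func tokenAuth(r *Request) *UserData {
	if r.Token == "s3cret" {
		return &UserData{Name: "alice"}
	}
	return nil
}

// greet trusts the hook and dereferences UserData without a nil check.
func greet(_ *Request, u *UserData) string { return "hello " + u.Name }

// ledger never touches UserData, so a skipped hook is a silent bypass.
func ledger(_ *Request, _ *UserData) string { return "ledger rows" }

func main() {
	anon := &Request{} // constructed unauthenticated request
	fmt.Println(vulnerableSocket(ledger, tokenAuth, anon))
	fmt.Println(fixedSocket(ledger, tokenAuth, anon))
}
```

Passing `greet` to `vulnerableSocket` panics with a nil pointer dereference, which is the other outcome the description names.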

CNA Affected

[
  {
    "vendor": "github.com/ecnepsnai/web",
    "product": "github.com/ecnepsnai/web",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "github.com/ecnepsnai/web",
    "versions": [
      {
        "version": "1.4.0",
        "lessThan": "1.5.2",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "Server.socketHandler"
      },
      {
        "name": "Server.Socket"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
