Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass.
This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/ecnepsnai/web | ge | 1.4.0 | |
github.com/ecnepsnai/web | lt | 1.5.2 |