Lucene search
GoogleOSV:GO-2021-0107HistoryJul 28, 2021 - 6:08 p.m.
Panic or authentication bypass in github.com/ecnepsnai/web
2021-07-2818:08:05
Google
osv.dev
18
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass.
This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/ecnepsnai/web | ge | 1.4.0 | |
| github.com/ecnepsnai/web | lt | 1.5.2 |
Related
osv
osv
Websocket requests did not call AuthenticateMethod
2021-06-23 17:26:30
GO-2022-0385
2022-07-01 20:11:02
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
2022-12-28 00:30:23
veracode
veracode
Denial Of Service (DoS)
2022-12-28 08:38:38
cvelist
cvelist
CVE-2021-4236 Panic or authentication bypass in github.com/ecnepsnai/web
2022-12-27 21:13:45
CVE-2021-4237
1976-01-01 00:00:00
nvd
nvd
CVE-2021-4236
2022-12-27 22:15:12
CVE-2021-4237
2024-06-13 15:15:50
prion
prion
Authentication flaw
2022-12-27 22:15:00
cve
cve
CVE-2021-4236
2022-12-27 22:15:12
CVE-2021-4237
2024-06-13 15:15:50
github
github
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
2022-12-28 00:30:23