CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentile: 48.9%
@feathersjs/transport-commons is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to invalid string conversions such as ${{ toString: '' }}, which cause the Feathers socket handler to crash the Node.js process because it is unable to handle them.
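The failure mode described above, as an added example that is not Feathers code: a template literal applied to a decoded object whose own toString is not callable throws a TypeError, and a type check before interpolation avoids it. The function names (describeUnsafe, describeSafe, dispatch) and the sample message are assumptions made for this illustration.

```javascript
'use strict';

// Constructed sample: a field as it looks after JSON decoding of a socket
// message. JSON.parse creates an own "toString" property holding a string.
const hostile = JSON.parse('{"toString": ""}');

// Unsafe pattern (hypothetical handler helper): interpolating an untrusted
// value. String conversion looks up toString (not callable, skipped), then
// valueOf (returns the object itself), and then throws
// "TypeError: Cannot convert object to primitive value".
function describeUnsafe(path) {
  return `Service '${path}' not found`;
}

// Hardened pattern: accept only primitive strings before any conversion and
// report bad input as an ordinary error result instead of throwing.
function describeSafe(path) {
  if (typeof path !== 'string') {
    return { ok: false, error: 'Service path must be a string' };
  }
  return { ok: true, message: `Service '${path}' not found` };
}

// Stand-in for an event callback. In a real socket listener nothing wraps the
// handler, so the same throw becomes an uncaught exception that ends the
// process; here it is caught only so the outcome can be inspected.
function dispatch(handler, arg) {
  try {
    return { crashed: false, result: handler(arg) };
  } catch (err) {
    return { crashed: true, error: err.name };
  }
}

console.log(dispatch(describeUnsafe, hostile));
console.log(dispatch(describeSafe, hostile));
console.log(dispatch(describeSafe, 'messages'));
```

The same check applies to any other client-supplied value that ends up in a template literal, string concatenation or String() call inside the handler.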
github.com/advisories/GHSA-hhr9-rh25-hvf9
github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19
github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19
github.com/feathersjs/feathers/commit/0b9a6b19b12ad05934e4c8bd9917448ed39d1ed8
github.com/feathersjs/feathers/commit/c397ab3a0cd184044ae4f73540549b30a396821c
github.com/feathersjs/feathers/pull/3241
github.com/feathersjs/feathers/pull/3242
github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9