Ian Spence

1 exploit Active since Dec 2022
CVE-2021-4236 WRITEUP CRITICAL WRITEUP
web_project/web 1.4.0-1.5.2 - Null Pointer Dereference in WebSocket AuthenticateMethod
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
CVSS 9.8