James Coglan - Security Researcher - Exploit Intelligence Platform

CVE-2020-11020 WRITEUP HIGH WRITEUP

Faye <1.0.4, <1.1.3, <1.2.5 - Auth Bypass

Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.

CVSS 8.5

View Code

CVE-2020-7662 WRITEUP HIGH WRITEUP

Websocket-extensions < 0.1.4 - Denial of Service

websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

CVSS 7.5

View Code

CVE-2020-7663 WRITEUP HIGH WRITEUP

Websocket-extensions < 0.1.5 - Denial of Service

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

CVSS 7.5

View Code