CVE-2020-7693

MEDIUM

Sockjs < 0.3.20 - Improper Exception Handling

Title source: rule

Description

Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.

Exploits (2)

nomisec WORKING POC 1 stars
by andsnw · poc
https://github.com/andsnw/sockjs-dos-py
nomisec WORKING POC
by thewindghost · poc
https://github.com/thewindghost/CVE-2020-7693

Scores

CVSS v3 5.3
EPSS 0.1595
EPSS Percentile 94.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE
CWE-755
Status published

Affected Products (2)

sockjs_project/sockjs < 0.3.20
npm/sockjs < 0.3.20

Timeline

Published Jul 09, 2020
Tracked Since Feb 18, 2026