CVE-2020-7693

MEDIUM

Sockjs < 0.3.20 - Improper Exception Handling

Title source: rule

Description

Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.

Exploits (2)

nomisec WORKING POC 1 stars
by andsnw · poc
https://github.com/andsnw/sockjs-dos-py
nomisec WORKING POC
by thewindghost · poc
https://github.com/thewindghost/CVE-2020-7693

Scores

CVSS v3 5.3
EPSS 0.1595
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-755
Status published
Products (2)
npm/sockjs 0 - 0.3.20 (npm)
sockjs_project/sockjs < 0.3.20
Published Jul 09, 2020
Tracked Since Feb 18, 2026