CVE-2020-7693

MEDIUM

sockjs < 0.3.20 - Denial of Service via Upgrade Header

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-7693. PoCs published by andsnw, thewindghost.

AI-analyzed exploit summary: This repository contains a functional PoC for CVE-2020-7693, a DoS vulnerability in SockJS 0.3.19 and Meteor JS <1.10.2. The exploit sends crafted WebSocket upgrade requests to trigger an 'ERR_STREAM_WRITE_AFTER_END' error, crashing the target container.

Description

Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.

Exploits (2)

nomisec WORKING POC 1 star
by andsnw · poc
https://github.com/andsnw/sockjs-dos-py

This repository contains a functional PoC for CVE-2020-7693, a DoS vulnerability in SockJS 0.3.19 and Meteor JS <1.10.2. The exploit sends crafted WebSocket upgrade requests to trigger an 'ERR_STREAM_WRITE_AFTER_END' error, crashing the target container.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: SockJS 0.3.19, Meteor JS <1.10.2
No auth needed
Prerequisites: Target running vulnerable SockJS or Meteor JS version · Network access to the target
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by thewindghost · poc
https://github.com/thewindghost/CVE-2020-7693

This repository provides a functional proof-of-concept for CVE-2020-7693, demonstrating a denial-of-service (DoS) vulnerability in sockjs-node versions before 0.3.20. The exploit involves sending a crafted HTTP request with an 'Upgrade: websocket' header, which crashes the server.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: sockjs-node < 0.3.20
No auth needed
Prerequisites: A server running sockjs-node < 0.3.20
devstral-2 · analyzed Feb 19, 2026

References (6)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-SOCKJS-575261
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/sockjs/sockjs-node/issues/252
Patch, Third Party Advisory x_refsource_misc
https://github.com/sockjs/sockjs-node/pull/265
Exploit, Third Party Advisory x_refsource_misc
https://github.com/andsnw/sockjs-dos-py

Scores

CVSS v3 5.3
EPSS 0.0498
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE: CWE-755
Status published
Products (2)
npm/sockjs 0 - 0.3.20 (npm)
sockjs_project/sockjs < 0.3.20
Published Jul 09, 2020
Tracked Since Feb 18, 2026