VYPR
Critical severityNVD Advisory· Published Dec 27, 2022· Updated Apr 11, 2025

Panic or authentication bypass in github.com/ecnepsnai/web

CVE-2021-4236

Description

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/ecnepsnai/webGo
>= 1.4.0, < 1.5.21.5.2

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.