VYPR
Unrated severityNVD Advisory· Published Sep 29, 2023· Updated Sep 23, 2024

NodeBB Pre-Authentication Denial-of-Service

CVE-2023-30591

Description

Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith() or eventName.toString(), while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • NodeBB/Nodebbllm-fuzzy
    Range: <=2.8.10
  • NodeBB, Inc./NodeBBv5
    Range: 0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.