VYPR

CWE-1385

Missing Origin Validation in WebSockets

VariantIncomplete

Description

The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (22)

page 2 of 2
  • CVE-2023-2850Jul 25, 2023
    risk 0.00cvss epss 0.00

    NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.

  • CVE-2023-26114Mar 23, 2023
    risk 0.00cvss epss 0.00

    Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.