npm package
sockjs
pkg:npm/sockjs
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-7693 | — | < 0.3.20 | 0.3.20 | Jul 9, 2020 | Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. | ||
| CVE-2020-8823 | — | < 0.3.0 | 0.3.0 | Feb 10, 2020 | htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. |
- CVE-2020-7693Jul 9, 2020affected < 0.3.20fixed 0.3.20
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
- CVE-2020-8823Feb 10, 2020affected < 0.3.0fixed 0.3.0
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter.