Vulnerability allows Denial of Service (DoS) via Regex Backtracking #8
Comments
I think this one is related to https://github.com/faye/websocket-extensions-ruby (and it was fixed in their latest version btw). The similar vulnerability related to this package is CVE-2020-7662 and it was already resolved in the latest version. However, for some reason, I'm getting the CVE-2020-7663 vulnerability warning in the vulnerability management tool of one of my projects. I think there might be something wrong with the vulnerabilities database.
Just to confirm: CVE-2020-7662 relates to this repository, and CVE-2020-7663 relates to the Ruby version, https://github.com/faye/websocket-extensions-ruby. Both these CVEs have been addressed in published releases. Is there another reason you were flagging this, @clepore, or should I close this issue?
@clepore That's ok, I was wondering whether your reporting tool is confusing this repo with https://github.com/faye/websocket-extensions-ruby, since both repos contain a package with the same name, but that repo is a Ruby package while this one is for Node.js. Just to spell this out and make sure it's clear for others who find this thread:
I wasn't sure if you were aware of this: National Vulnerability DB - CVE-2020-7663
Thanks and cheers!