CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2020-7663

Websocket-Extensions Project » Websocket-Extensions » Version: 0.1.0

cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.0
Websocket-Extensions Project » Websocket-Extensions » Version: 0.1.1

cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.1
Websocket-Extensions Project » Websocket-Extensions » Version: 0.1.2

cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.2
Websocket-Extensions Project » Websocket-Extensions » Version: 0.1.3

cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.3
Websocket-Extensions Project » Websocket-Extensions » Version: 0.1.4

cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.4
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04
Canonical » Ubuntu Linux » Version: 20.04

cpe:2.3:o:canonical:ubuntu_linux:20.04
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7663

Products

Pricing

Contact Us