CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-4236

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.0%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
https://pkg.go.dev/vuln/GO-2021-0107
https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f
https://pkg.go.dev/vuln/GO-2021-0107

Products affected by CVE-2021-4236

Web Project » Web » Version: 1.4.0

cpe:2.3:a:web_project:web:1.4.0
Web Project » Web » Version: 1.5.0

cpe:2.3:a:web_project:web:1.5.0
Web Project » Web » Version: 1.5.1

cpe:2.3:a:web_project:web:1.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-4236

Products

Pricing

Contact Us