Sockjs Project >> Sockjs >> 0.1.0 Security Vulnerabilities
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
CVSS Score: 5.3
EPSS Score: 0.16
Published: 2020-07-09
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter.
CVSS Score: 6.1
EPSS Score: 0.008
Published: 2020-02-10

