Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published: 2022-12-27T21:13:45.711Z

Updated: 2024-08-03T17:23:10.220Z

Reserved: 2022-07-29T19:01:04.923Z

Link: CVE-2021-4236

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-27T22:15:12.013

Modified: 2024-11-21T06:37:12.453

Link: CVE-2021-4236

cve-icon Redhat

No data.