Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: STAR_Labs
Published: 2023-09-29T05:06:43.923Z
Updated: 2024-08-02T14:28:51.967Z
Reserved: 2023-04-13T04:12:59.954Z
Link: CVE-2023-30591
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-29T06:15:09.870
Modified: 2023-10-02T18:19:47.023
Link: CVE-2023-30591
Redhat
No data.