CVE-2023-37899 - OpenCVE

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Feathersjs	Feathers

Configuration 1 [-]

OR	cpe:2.3:a:feathersjs:feathers::::::node.js::*
	cpe:2.3:a:feathersjs:feathers::::::node.js::*

No data.

References

Link	Providers
https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19
https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19
https://github.com/feathersjs/feathers/pull/3241
https://github.com/feathersjs/feathers/pull/3242
https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9

History

Mon, 28 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-19T19:45:31.386Z

Updated: 2024-10-28T15:12:04.645Z

Reserved: 2023-07-10T17:51:29.610Z

Link: CVE-2023-37899

Vulnrichment

Updated: 2024-08-02T17:23:27.750Z

NVD

Status : Analyzed

Published: 2023-07-19T20:15:10.807

Modified: 2023-07-28T15:55:57.443

Link: CVE-2023-37899

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37899", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-10T17:51:29.610Z", "datePublished": "2023-07-19T19:45:31.386Z", "dateUpdated": "2024-10-28T15:12:04.645Z"}, "containers": {"cna": {"title": "feathersjs socket handler allows abusing implicit toString", "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "lang": "en", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9"}, {"name": "https://github.com/feathersjs/feathers/pull/3241", "tags": ["x_refsource_MISC"], "url": "https://github.com/feathersjs/feathers/pull/3241"}, {"name": "https://github.com/feathersjs/feathers/pull/3242", "tags": ["x_refsource_MISC"], "url": "https://github.com/feathersjs/feathers/pull/3242"}, {"name": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19", "tags": ["x_refsource_MISC"], "url": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19"}, {"name": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19", "tags": ["x_refsource_MISC"], "url": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19"}], "affected": [{"vendor": "feathersjs", "product": "feathers", "versions": [{"version": "< 4.5.18", "status": "affected"}, {"version": ">= 5.0.0, < 5.0.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-19T19:45:31.386Z"}, "descriptions": [{"lang": "en", "value": "Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability."}], "source": {"advisory": "GHSA-hhr9-rh25-hvf9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.750Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9"}, {"name": "https://github.com/feathersjs/feathers/pull/3241", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/feathersjs/feathers/pull/3241"}, {"name": "https://github.com/feathersjs/feathers/pull/3242", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/feathersjs/feathers/pull/3242"}, {"name": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19"}, {"name": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-28T15:11:51.616890Z", "id": "CVE-2023-37899", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T15:12:04.645Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9", "name": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/feathersjs/feathers/pull/3241", "name": "https://github.com/feathersjs/feathers/pull/3241", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/feathersjs/feathers/pull/3242", "name": "https://github.com/feathersjs/feathers/pull/3242", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19", "name": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19", "name": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.750Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-37899", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-28T15:11:51.616890Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T15:11:56.580Z"}}], "cna": {"title": "feathersjs socket handler allows abusing implicit toString", "source": {"advisory": "GHSA-hhr9-rh25-hvf9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "feathersjs", "product": "feathers", "versions": [{"status": "affected", "version": "< 4.5.18"}, {"status": "affected", "version": ">= 5.0.0, < 5.0.8"}]}], "references": [{"url": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9", "name": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/feathersjs/feathers/pull/3241", "name": "https://github.com/feathersjs/feathers/pull/3241", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/feathersjs/feathers/pull/3242", "name": "https://github.com/feathersjs/feathers/pull/3242", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19", "name": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19", "name": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-19T19:45:31.386Z"}}}, "cveMetadata": {"cveId": "CVE-2023-37899", "state": "PUBLISHED", "dateUpdated": "2024-10-28T15:12:04.645Z", "dateReserved": "2023-07-10T17:51:29.610Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-07-19T19:45:31.386Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:feathersjs:feathers:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "8B251930-5589-433E-802F-00FC38A8F320", "versionEndExcluding": "4.5.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:feathersjs:feathers:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7685FD7F-A59E-4A10-9F97-49F0008F981B", "versionEndExcluding": "5.0.8", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability."}], "id": "CVE-2023-37899", "lastModified": "2023-07-28T15:55:57.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-19T20:15:10.807", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/feathersjs/feathers/pull/3241"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/feathersjs/feathers/pull/3242"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "security-advisories@github.com", "type": "Primary"}]}