Vulnerability Details : CVE-2023-37899
Potential exploit
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. The Feathers socket handler did not catch invalid string conversion errors such as ``const message = `${{ toString: '' }}` ``, so sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })` would crash the Node.js process. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability.
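The following added illustration is not the Feathers project's code nor the fix from the pull requests cited in the references; it shows why a JSON-decoded message whose own `toString` property is a string throws on implicit conversion, and a handler that validates the input type so the exception never escapes to crash the process. The function names (`lookupUnguarded`, `lookupGuarded`, `outcome`) and the sample message are hypothetical.

```javascript
// Constructed sample: what a Socket.io payload like `{ toString: '' }` becomes
// after JSON decoding. `toString` is an own string property, not a function.
const CONSTRUCTED_BAD_MESSAGE = JSON.parse('{"toString": ""}');

// Vulnerable pattern: implicit string conversion of untrusted input.
// `${obj}` runs ToPrimitive: `toString` is not callable, so the engine falls
// back to `valueOf`, which returns the object itself, and a TypeError is
// thrown. Uncaught in an event handler, that takes the whole process down.
function lookupUnguarded(path) {
  return `service:${path}`;
}

// Defensive pattern: accept only values that already are strings, so no
// coercion of attacker-controlled objects happens at all. The caller gets a
// structured error it can send back to the client instead of an exception.
function lookupGuarded(path) {
  if (typeof path !== 'string') {
    return { error: 'Invalid service path' };
  }
  return { ok: true, key: `service:${path}` };
}

// Reports whether a handler survives a given message, mirroring the
// difference between a crashed process and a rejected request.
function outcome(handler, message) {
  try {
    handler(message);
    return 'handled';
  } catch (err) {
    return `uncaught ${err.name}`;
  }
}
```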
Products affected by CVE-2023-37899
- cpe:2.3:a:feathersjs:feathers:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-37899
- EPSS score: 0.17% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~54% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2023-37899
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | GitHub, Inc. |
CWE ids for CVE-2023-37899
- The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the product. Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-37899
- https://github.com/feathersjs/feathers/pull/3241 : fix(transport-commons): Handle invalid service paths on socket lookups by daffl · Pull Request #3241 · feathersjs/feathers · GitHub (Patch)
- https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19 : feathers/CHANGELOG.md at crow · feathersjs/feathers · GitHub (Release Notes)
- https://github.com/feathersjs/feathers/pull/3242 : fix(transport-commons): Handle invalid service paths on socket lookups by daffl · Pull Request #3242 · feathersjs/feathers · GitHub (Patch)
- https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9 : Socket handler allows abusing implicit toString · Advisory · feathersjs/feathers · GitHub (Exploit; Vendor Advisory)
- https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19 : feathers/CHANGELOG.md at dove · feathersjs/feathers · GitHub (Release Notes)