Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: STAR_Labs
Published: 2023-09-29T05:06:43.923Z
Updated: 2023-09-29T05:06:43.923Z
Reserved: 2023-04-13T04:12:59.954Z
Link: CVE-2023-30591
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-09-29T06:15:09.870
Modified: 2023-10-02T18:19:47.023
Link: CVE-2023-30591
JSON object: View
Redhat Information
No data.