CVE-2023-30591

Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:00

Type Values Removed Values Added
References () https://github.com/NodeBB/NodeBB/commit/37b48b82a4bc7680c6e4c42647209010cb239c2c - Patch () https://github.com/NodeBB/NodeBB/commit/37b48b82a4bc7680c6e4c42647209010cb239c2c - Patch
References () https://github.com/NodeBB/NodeBB/commit/4d2d76897a02e7068ab74c81d17a2febfae8bfb9 - Patch () https://github.com/NodeBB/NodeBB/commit/4d2d76897a02e7068ab74c81d17a2febfae8bfb9 - Patch
References () https://github.com/NodeBB/NodeBB/commit/830f142b7aea2e597294a84d52c05aab3a3539ca - Patch () https://github.com/NodeBB/NodeBB/commit/830f142b7aea2e597294a84d52c05aab3a3539ca - Patch
References () https://starlabs.sg/advisories/23/23-30591/ - Third Party Advisory () https://starlabs.sg/advisories/23/23-30591/ - Third Party Advisory

02 Oct 2023, 18:19

Type Values Removed Values Added
References (MISC) https://github.com/NodeBB/NodeBB/commit/37b48b82a4bc7680c6e4c42647209010cb239c2c - (MISC) https://github.com/NodeBB/NodeBB/commit/37b48b82a4bc7680c6e4c42647209010cb239c2c - Patch
References (MISC) https://github.com/NodeBB/NodeBB/commit/830f142b7aea2e597294a84d52c05aab3a3539ca - (MISC) https://github.com/NodeBB/NodeBB/commit/830f142b7aea2e597294a84d52c05aab3a3539ca - Patch
References (MISC) https://starlabs.sg/advisories/23/23-30591/ - (MISC) https://starlabs.sg/advisories/23/23-30591/ - Third Party Advisory
References (MISC) https://github.com/NodeBB/NodeBB/commit/4d2d76897a02e7068ab74c81d17a2febfae8bfb9 - (MISC) https://github.com/NodeBB/NodeBB/commit/4d2d76897a02e7068ab74c81d17a2febfae8bfb9 - Patch
CPE cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Nodebb
Nodebb nodebb
CWE CWE-754

29 Sep 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-29 06:15

Updated : 2024-11-21 08:00


NVD link : CVE-2023-30591

Mitre link : CVE-2023-30591

CVE.ORG link : CVE-2023-30591


JSON object : View

Products Affected

nodebb

  • nodebb
CWE
CWE-241

Improper Handling of Unexpected Data Type

CWE-754

Improper Check for Unusual or Exceptional Conditions