Vulnerabilities: Difference between revisions
No edit summary |
There are no recorded instances of this exploit being deployed offensively before the patch, but feel free to correct this if there's proof |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 74: | Line 74: | ||
'''Discoverer(s):''' Maroon, FP, KKosty4ka | '''Discoverer(s):''' Maroon, FP, KKosty4ka | ||
== June 17, 2024 == | |||
'''Type:''' Crash exploit | |||
'''Description:''' A [https://github.com/websockets/ws/pull/2231 crash exploit] in the "ws" library affected OWOT. | |||
'''Commit(s):''' <nowiki>https://github.com/system2k/NodeWorldOfText/commit/00ebd4202924dc660dab22ffd41f5c45f39da446</nowiki> | |||
'''Actively exploited at its time:''' No | |||
'''Patched:''' Yes | |||
'''Discoverer(s):''' KKosty4ka | |||
== January 13, 2025 == | |||
'''Type:''' Bad length validation ([https://cwe.mitre.org/data/definitions/1284.html CWE-1284]) | |||
'''Description:''' Due to a typo, string values in a custom chat metadata object were not properly validated. Can be used to take down or saturate the server with extremely large payloads. ([https://capec.mitre.org/data/definitions/231.html CAPEC-231]) | |||
'''Commit(s):''' <nowiki>https://github.com/system2k/NodeWorldOfText/commit/8070c780476c5ecfa257f46743f7b09bc49073ef</nowiki> | |||
'''Actively exploited at its time:''' No | |||
'''Patched:''' Yes | |||
'''Discoverer(s):''' ITAC85v2 | |||