Vulnerabilities: Difference between revisions
No edit summary |
There are no recorded instances of this exploit being deployed offensively before the patch, but feel free to correct this if there's proof |
||
| (3 intermediate revisions by 3 users not shown) | |||
| Line 61: | Line 61: | ||
'''Discoverer(s):''' FP | '''Discoverer(s):''' FP | ||
== June 2, 2024 == | |||
'''Type:''' Rate limit issue | |||
'''Description:''' A user can send up to 512 chat messages per second on the Global channel. | |||
'''Commit(s):''' <nowiki>https://github.com/system2k/NodeWorldOfText/commit/dd4b385b762dc9f6033ddcab788ce4e1a2103b77</nowiki> | |||
'''Actively exploited at its time:''' Yes | |||
'''Patched:''' Yes | |||
'''Discoverer(s):''' Maroon, FP, KKosty4ka | |||
== June 17, 2024 == | |||
'''Type:''' Crash exploit | |||
'''Description:''' A [https://github.com/websockets/ws/pull/2231 crash exploit] in the "ws" library affected OWOT. | |||
'''Commit(s):''' <nowiki>https://github.com/system2k/NodeWorldOfText/commit/00ebd4202924dc660dab22ffd41f5c45f39da446</nowiki> | |||
'''Actively exploited at its time:''' No | |||
'''Patched:''' Yes | |||
'''Discoverer(s):''' KKosty4ka | |||
== January 13, 2025 == | |||
'''Type:''' Bad length validation ([https://cwe.mitre.org/data/definitions/1284.html CWE-1284]) | |||
'''Description:''' Due to a typo, string values in a custom chat metadata object were not properly validated. Can be used to take down or saturate the server with extremely large payloads. ([https://capec.mitre.org/data/definitions/231.html CAPEC-231]) | |||
'''Commit(s):''' <nowiki>https://github.com/system2k/NodeWorldOfText/commit/8070c780476c5ecfa257f46743f7b09bc49073ef</nowiki> | |||
'''Actively exploited at its time:''' No | |||
'''Patched:''' Yes | |||
'''Discoverer(s):''' ITAC85v2 | |||