Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-websocket-security
Awesome information for WebSockets security research
https://github.com/PalindromeLabs/awesome-websocket-security
<a name="bug_bounty_writeups"></a>Bug Bounty Writeups

CSWSH bugs
- Undisclosed target
- Undisclosed target
- Slack H1 #207170 - slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token
- Stripo H1 #915541
- Coda H1 #535436
- Legal Robot #211283
- Legal Robot H1 #274324
- Grammarly #395729
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target
- Undisclosed target

Other bugs

<a name="websocket_library_vulnerabilities"></a>WebSocket Library Vulnerabilities
| CVE | Library | Reference | Weakness |
|-----|---------|-----------|----------|
| CVE-2021-42340 | | | |
| CVE-2021-33880 | | 8ch4-58qp-g3mp | HTTP basic auth timing attack |
| CVE-2021-32640 | | 6fc8-4gx4-v693 | Regex backtracking Denial of Service |
| CVE-2020-36406 | uwebsockets | fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml | Stack buffer overflow |
| CVE-2020-27813 | | jf24-p9p9-4rjh | Integer overflow |
| CVE-2020-24807 | [socket.io-file](https://github.com/rico345100/socket.io-file) | [Auxilium Security](https://blog.auxiliumcybersec.com/?p=2646) | File type restriction bypass |
| CVE-2020-15779 | [socket.io-file](https://github.com/rico345100/socket.io-file) | [Auxilium Security](https://blog.auxiliumcybersec.com/?p=2586) | Path traversal |
| CVE-2020-15134 | [faye-websocket-ruby](https://github.com/faye/faye-websocket-ruby) | [GitHub advisory](https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9) | Lack of TLS certificate validation |
| CVE-2020-15133 | [faye-websocket-ruby](https://github.com/faye/faye-websocket-ruby) | [GitHub advisory](https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv) | Lack of TLS certificate validation |
| CVE-2020-11050 | Java-WebSocket | [GitHub advisory](https://github.com/TooTallNate/Java-WebSocket/security/advisories/GHSA-gw55-jm4h-x339) | SSL hostname validation not performed |
| CVE-2020-7663 | [websocket-extensions](https://rubygems.org/gems/websocket-extensions) | [Writeup](https://blog.jcoglan.com/2020/06/02/redos-vulnerability-in-websocket-extensions/) | Regex backtracking Denial of Service |
| CVE-2020-7662 | [websocket-extensions](https://rubygems.org/gems/websocket-extensions) | [Writeup](https://snyk.io/blog/regular-expression-denial-of-service-in-websocket-extensions/) | Regex backtracking Denial of Service |
| CVE-2018-1000518 | | | |
| CVE-2018-21035 | qtwebsockets | [Bug report](https://bugreports.qt.io/browse/QTBUG-70693) | Denial of service due to large limit on message and frame size |
| CVE-2017-16031 | | | |
| CVE-2016-10544 | | | |
| CVE-2016-10542 | | | |
| draft-hixie-thewebsocketprotocol-76 | | archive/web/hybi/current/msg04744.html | |
| Socket.io | | | |
| Tornado | | | |

2011

<a name="websocket_security_tools"></a>WebSocket Security Tools

General Utilities & Tools

<a name="common_websocket_weaknesses"></a>Common WebSocket Weaknesses

DOM-based WebSocket-URL poisoning

Reverse Proxy Bypass using Upgrade Header

<a name="useful_blogs"></a>Useful Blog Posts & Resources