๐ CVE-2023-30591 | NodeBB up to 2.8.10 Socket.IO Message eventName.startsWith/eventName.toString unexpected data type
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vuldb.com
A vulnerability, which was classified as problematic, was found in NodeBB up to 2.8.10. Affected is the function eventName.startsWith/eventName.toString
of the component Socket.IO Message Handler. The manipulation leads to improper handling of unexpected data type.
This vulnerability is traded as CVE-2023-30591. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue. ...