CVE-2025-43855
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-43855
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43855.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-43855
- Aliases
- Published
- 2025-04-24T14:15:59Z
- Modified
- 2025-04-29T14:50:14.871331Z
- Summary
- [none]
- Details
-
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server. Any tRPC 11 server with WebSocket enabled with a createContext method set is vulnerable. This issue has been patched in version 11.1.1.
- References
Affected packages
Git / github.com/trpc/trpc
Affected ranges
- Type
- GIT
- Repo
- https://github.com/trpc/trpc
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.7.0
0.8.0
v1.*
v1.0.0
v1.0.0-alpha.10
v1.0.0-alpha.16
v1.0.0-alpha.17
v1.0.0-alpha.2
v1.0.0-alpha.3
v1.0.0-alpha.4
v1.0.0-alpha.5
v1.0.0-alpha.6
v1.0.0-alpha.7
v1.0.0-alpha.8
v1.0.0-alpha.9
v1.0.1
v1.1.1
v1.2.0
v1.3.0
v1.3.1
v1.4.1
v1.4.2
v1.4.3
v10.*
v10.0.0
v10.0.0-alpha.2
v10.0.0-alpha.20
v10.0.0-alpha.21
v10.0.0-alpha.22
v10.0.0-alpha.23
v10.0.0-alpha.24
v10.0.0-alpha.25
v10.0.0-alpha.38
v10.0.0-alpha.39
v10.0.0-alpha.40
v10.0.0-alpha.49
v10.0.0-alpha.6
v10.0.0-alpha.7
v10.0.0-alpha.8
v10.0.0-alpha.9
v10.0.0-proxy-alpha.58
v10.0.0-proxy-alpha.59
v10.0.0-proxy-alpha.60
v10.0.0-proxy-alpha.61
v10.0.0-proxy-alpha.62
v10.0.0-proxy-alpha.65
v10.0.0-proxy-alpha.67
v10.0.0-proxy-alpha.73
v10.0.0-proxy-alpha.74
v10.0.0-proxy-alpha.75
v10.0.0-proxy-alpha.76
v10.0.0-proxy-alpha.78
v10.0.0-proxy-alpha.80
v10.0.0-proxy-alpha.81
v10.0.0-proxy-beta.0
v10.0.0-proxy-beta.1
v10.0.0-proxy-beta.10
v10.0.0-proxy-beta.11
v10.0.0-proxy-beta.12
v10.0.0-proxy-beta.13
v10.0.0-proxy-beta.14
v10.0.0-proxy-beta.15
v10.0.0-proxy-beta.16
v10.0.0-proxy-beta.17
v10.0.0-proxy-beta.18
v10.0.0-proxy-beta.19
v10.0.0-proxy-beta.2
v10.0.0-proxy-beta.20
v10.0.0-proxy-beta.22
v10.0.0-proxy-beta.23
v10.0.0-proxy-beta.24
v10.0.0-proxy-beta.25
v10.0.0-proxy-beta.26
v10.0.0-proxy-beta.3
v10.0.0-proxy-beta.4
v10.0.0-proxy-beta.5
v10.0.0-proxy-beta.8
v10.0.0-proxy-beta.9
v10.0.0-rc.0
v10.0.0-rc.1
v10.0.0-rc.2
v10.0.0-rc.3
v10.0.0-rc.4
v10.0.0-rc.5
v10.0.0-rc.6
v10.0.0-rc.7
v10.0.0-rc.8
v10.0.0-rc.9
v10.1.0
v10.10.0
v10.11.0
v10.11.1
v10.12.0
v10.13.0
v10.13.1
v10.13.2
v10.14.0
v10.14.1
v10.15.0
v10.16.0
v10.17.0
v10.18.0
v10.19.0
v10.19.1
v10.2.0
v10.20.0
v10.21.0
v10.21.1
v10.21.2
v10.22.0
v10.23.0
v10.23.1
v10.24.0
v10.25.0
v10.25.1
v10.26.0
v10.27.0
v10.27.1
v10.27.2
v10.27.3
v10.28.0
v10.28.1
v10.28.2
v10.29.0
v10.29.1
v10.3.0
v10.30.0
v10.31.0
v10.32.0
v10.33.0
v10.33.1
v10.34.0
v10.34.1
v10.35.0
v10.36.0
v10.37.0
v10.37.1
v10.38.0
v10.38.1
v10.38.2
v10.38.3
v10.38.4
v10.38.5
v10.39.0
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.40.0
v10.41.0
v10.42.0
v10.43.0
v10.43.1
v10.43.2
v10.43.3
v10.43.4
v10.43.5
v10.43.6
v10.43.7
v10.44.0
v10.44.1
v10.45.0
v10.45.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.8.1
v10.8.2
v10.9.0
v10.9.1
v11.*
v11.0.0
v11.0.0-next-beta.0
v11.0.1
v11.0.2
v11.0.3
v11.0.4
v11.1.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v3.*
v3.0.0
v3.0.1
v3.1.0
v3.2.0
v3.3.0
v3.4.0
v3.4.1
v3.4.2
v3.5.0
v3.5.1
v4.*
v4.0.0
v4.0.1
v5.*
v5.0.0
v6.*
v6.0.0
v6.1.0
v6.1.1
v6.2.0
v6.2.1
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v7.*
v7.0.1
v7.0.2
v7.1.1
v7.2.0
v7.2.1
v7.3.0
v7.3.1
v7.3.2
v7.3.3
v8.*
v8.0.0-alpha.5
v8.0.0-alpha.7
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.2.0
v8.2.1
v8.3.0
v8.3.1
v8.4.0
v8.4.1
v8.4.2
v9.*
v9.0.0
v9.0.1
v9.1.0
v9.10.0
v9.10.1
v9.10.2
v9.11.0
v9.12.0
v9.12.2
v9.13.0
v9.14.0
v9.15.0
v9.16.0
v9.17.0
v9.17.1
v9.18.0
v9.19.0
v9.2.0
v9.20.0
v9.20.1
v9.20.2
v9.20.3
v9.21.0
v9.22.0
v9.23.0
v9.23.1
v9.23.2
v9.23.3
v9.23.4
v9.23.5
v9.23.6
v9.24.0
v9.25.0
v9.25.1
v9.25.2
v9.25.3
v9.26.0
v9.26.1
v9.26.2
v9.27.0
v9.27.1
v9.27.2
v9.3.0
v9.4.0
v9.5.0
v9.6.0
v9.6.1
v9.7.0
v9.7.1
v9.8.0
v9.9.0
v9.9.1