GO-2022-0385

Source
https://pkg.go.dev/vuln/GO-2022-0385
Import Source
https://vuln.go.dev/ID/GO-2022-0385.json
Aliases
Published
2022-07-01T20:11:02Z
Modified
2023-11-08T04:07:05.900365Z
Details

The AuthenticateMethod authentication hook is not called for WebSocket connections, allowing unauthenticated access.

This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.

References

Affected packages

Go / github.com/ecnepsnai/web

Package

Name
github.com/ecnepsnai/web

Affected ranges

Type
SEMVER
Events
Introduced
1.4.0
Fixed
1.5.2

Ecosystem specific 

{
    "imports": [
        {
            "path": "github.com/ecnepsnai/web",
            "symbols": [
                "Server.Socket",
                "Server.socketHandler"
            ]
        }
    ]
}

Database specific 

{
    "url": "https://pkg.go.dev/vuln/GO-2022-0385"
}