GO-2022-0385

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2022-0385

Import Source

https://vuln.go.dev/ID/GO-2022-0385.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2022-0385

Withdrawn

2024-05-15T05:37:10.983795Z

Published

2022-07-01T20:11:02Z

Modified

2022-08-29T16:50:59Z

Summary

[none]

Details

The AuthenticateMethod authentication hook is not called for WebSocket connections, allowing unauthenticated access.

This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.

References

https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f

Affected packages

Go / github.com/ecnepsnai/web

Package

Name: github.com/ecnepsnai/web; View open source insights on deps.dev
Purl: pkg:golang/github.com/ecnepsnai/web

Affected ranges

Type: SEMVER
Events: Introduced

1.4.0

Fixed

1.5.2

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/ecnepsnai/web",
            "symbols": [
                "Server.Socket",
                "Server.socketHandler"
            ]
        }
    ]
}

Database specific

source

"https://vuln.go.dev/ID/GO-2022-0385.json"

url

"https://pkg.go.dev/vuln/GO-2022-0385"