JLSEC-2026-622
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-622.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-622.json
- JSON Data
- https://api.osv.dev/v1/vulns/JLSEC-2026-622
- Aliases
-
- ANT-2026-90M07PW7
- ANT-2026-K6WWQH2N
- ANT-2026-ZQ6ARSMP
- Upstream
- Published
- 2026-06-23T12:59:32.708Z
- Modified
- 2026-06-23T17:30:17.122156332Z
- Summary
- Predictable WebSocket masking key and handshake nonce in HTTP.jl client
- Details
-
Description
The WebSocket client masking key (
ws_send_frame!) and theSec-WebSocket-Keyhandshake nonce (ws_random_handshake_key) were generated withrand(UInt8, n), which draws from the task-local Xoshiro256++ PRNG. Xoshiro is not cryptographically secure: its internal state can be recovered from a short run of observed outputs, and every outbound client frame exposes 4 mask bytes on the wire. An on-path observer could therefore recover the RNG state and predict all future masking keys, defeating the RFC 6455 ยง5.3 anti-cache-poisoning purpose of masking.Impact
Predictable masking keys could let an on-path attacker who also supplies payload craft wire bytes that a non-conformant transparent proxy parses and caches (request/response smuggling and cache poisoning).
Patches
Fixed in HTTP.jl v2.4.0. A module-level CSPRNG (
const WS_CSPRNG = Random.RandomDevice()) now generates both the 4-byte masking key and the 16-byte handshake nonce. The wire format and public API are unchanged.Reported to the JuliaLang security team through Anthropic's Coordinated Vulnerability Disclosure program.
- Database specific
{ "license": "CC-BY-4.0" }- References