{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.3.20" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "0.3.20" } ] } ] }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "dd7e642cd69ee74385825816d30642c43e051d16" } ], "repo": "https://github.com/sockjs/sockjs-node", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "dd7e642cd69ee74385825816d30642c43e051d16" } ], "repo": "https://github.com/sockjs/sockjs-node", "type": "GIT" } ] } ], "details": "Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.", "id": "CVE-2020-7693", "modified": "2026-03-15T21:44:47.812634088Z", "published": "2020-07-09T14:15:11.197Z", "references": [ { "type": "FIX", "url": "https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16" }, { "type": "FIX", "url": "https://github.com/sockjs/sockjs-node/issues/252" }, { "type": "FIX", "url": "https://github.com/sockjs/sockjs-node/pull/265" }, { "type": "EVIDENCE", "url": "https://github.com/andsnw/sockjs-dos-py" }, { "type": "EVIDENCE", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575448" }, { "type": "EVIDENCE", "url": "https://snyk.io/vuln/SNYK-JS-SOCKJS-575261" } ], "related": [ "SNYK-JAVA-ORGWEBJARSNPM-575448", "SNYK-JS-SOCKJS-575261" ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "type": "CVSS_V3" } ] }