GHSA-q355-h244-969h: Komari vulnerable to Cross-site WebSocket Hijacking
WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated users
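One way to enforce the origin check the advisory says was disabled, written here as an added example rather than Komari's own code: a `CheckOrigin` hook for a gorilla/websocket-style `Upgrader` (an assumption; the page does not name the library) that accepts the handshake only for same-origin or explicitly allowlisted origins. Hostnames are constructed; the allowlist would come from configuration in practice.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// allowedOrigins is a constructed allowlist of extra origins (for example a
// separately hosted front-end) permitted to open WebSocket connections.
var allowedOrigins = map[string]bool{
	"https://dashboard.example.com": true,
}

// disabledCheckOrigin is the pattern the advisory describes: every Origin is
// accepted, so any site a logged-in user visits can open the socket (CSWSH).
func disabledCheckOrigin(r *http.Request) bool { return true }

// checkOrigin is the hardened hook. It requires an Origin header (browsers
// always send one on WebSocket handshakes), parses it, and accepts it only if
// it is allowlisted or its scheme and host match the request's own Host.
// Requests without an Origin header are rejected, which is stricter than
// treating them as non-browser clients.
func checkOrigin(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return false
	}
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false
	}
	if allowedOrigins[strings.ToLower(u.Scheme+"://"+u.Host)] {
		return true
	}
	// Same-origin: exact host match (including port) and a scheme that agrees
	// with how the request arrived (TLS implies https).
	wantScheme := "http"
	if r.TLS != nil {
		wantScheme = "https"
	}
	return strings.EqualFold(u.Host, r.Host) && strings.EqualFold(u.Scheme, wantScheme)
}

func main() {
	r, _ := http.NewRequest("GET", "http://monitor.example.net/api/terminal", nil)
	r.Header.Set("Origin", "http://evil.example.org")
	fmt.Println(disabledCheckOrigin(r), checkOrigin(r)) // true false
}
```

The hook is plugged in as the `CheckOrigin` field of the upgrader; the same-origin comparison is on the full host, so `monitor.example.net.evil.org` does not pass as a suffix match.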
References
- github.com/advisories/GHSA-q355-h244-969h
- github.com/komari-monitor/komari
- github.com/komari-monitor/komari/blob/bd5a6934e1b79a12cf1e6a9bba5372d0e04f3abc/api/terminal.go
- github.com/komari-monitor/komari/commit/53171affcaf050145810efaaef420651a6e630be
- github.com/komari-monitor/komari/releases/tag/1.0.4-fix2
- github.com/komari-monitor/komari/security/advisories/GHSA-q355-h244-969h