CVE-2023-37899: Improper Check for Unusual or Exceptional Conditions
(updated )
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler does not catch invalid string conversion errors like const message = ${{ toString: '' }}
which would cause the NodeJS process to crash when sending an unexpected Socket.io message like socket.emit('find', { toString: '' })
. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability.
References
Detect and mitigate CVE-2023-37899 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →