Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yM3EyLTVnZjgtZ2pwcM4AA7NN

Enabling Authentication does not close all logged in socket connections immediately

Summary

This is basically GHSA-88j4-pcx8-q4q, but when enabling authentication instead of when changing passwords.

PoC

Impact

See GHSA-g9v2-wqcj-j99g and GHSA-88j4-pcx8-q4q

TBH this is quite a niche edge case, so I don't know if this even warrants a security report.

Permalink: https://github.com/advisories/GHSA-23q2-5gf8-gjpp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yM3EyLTVnZjgtZ2pwcM4AA7NN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 month ago
Updated: about 1 month ago


Identifiers: GHSA-23q2-5gf8-gjpp
References: Repository: https://github.com/louislam/uptime-kuma
Blast Radius: 1.0

Affected Packages

npm:uptime-kuma
Dependent packages: 0
Dependent repositories: 0
Downloads: 75 last month
Affected Version Ranges: <= 1.23.11
Fixed in: 1.23.12
All affected versions:
All unaffected versions: