Miggo Logo

CVE-2020-7693: Improper Input Validation in SocksJS-Node

5.3

CVSS Score
3.1

Basic Information

EPSS Score
0.93425%
Published
4/13/2021
Updated
2/1/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Package NameEcosystemVulnerable VersionsFirst Patched Version
sockjsnpm< 0.3.200.3.20

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper response handling in the fake_response function. The GitHub commit dd7e642 shows removal of a try-catch block that called res.end() after writing headers. This dual termination attempt (from fake_response and subsequent error handlers) caused stream write-after-end errors. The SockJS protocol validation failed to properly sanitize the Upgrade header, allowing attackers to force this code path via crafted websocket upgrade requests to invalid endpoints.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In*orr**t **n*lin* o* Up*r*** *****r wit* t** v*lu* w**so*k*t l***s in *r*s*in* o* *ont*in*rs *ostin* so*kjs *pps. T*is *****ts t** p**k*** so*kjs ***or* *.*.**.

Reasoning

T** vuln*r**ility st*ms *rom improp*r r*spons* **n*lin* in t** **k*_r*spons* *un*tion. T** *it*u* *ommit ******* s*ows r*mov*l o* * try-**t** *lo*k t**t **ll** r*s.*n*() **t*r writin* *****rs. T*is *u*l t*rmin*tion *tt*mpt (*rom **k*_r*spons* *n* su*