WebSocket - API Security Blog

CVE-2022-25227

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an ...

23 июня, 2022

Spring for GraphQL 1.0 Release

![](https://raw.githubusercontent.com/spring-projects/spring-graphql/main/spring-graphql-docs/src/docs/spring-graphql.svg) On behalf of the Spring for GraphQL team and every contributor, it is my plea ...

23 июня, 2022

Improper socket reuse in Apache Tomcat

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that ...

23 июня, 2022

CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that ...

23 июня, 2022

Allocation of Resources Without Limits or Throttling in Spring Framework

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated u ...

23 июня, 2022

CVE-2022-0217

Unauthenticated Remote Denial of Service Attack in the WebSocket interfaceRead More ...

20 июня, 2022

DOMDig – DOM XSS Scanner For Single Page Applications

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvOzTXaMbb9CXjEw9netji8LfGIK_L72Soe_LhhPvFxptiS9UQBigpE1Nu58_nQ1_YmTWOfSy2b4-6gCKnQbpEZELP2AyM4uVnwLYPT0UyvIZVqO-qYfzFOkv_j7YMAUKJCa88ao ...

12 июня, 2022

Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.Read More ...

09 июня, 2022