GorillatoolkitCVEs & Vulnerabilities
2 CVEs affecting Gorillatoolkit products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
2 CVEs→ All vendors
Most Affected Products
handlers 1websocket 1
CVE-2017-20146CRITICAL
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
28 Dec 2022
9.8
CVSS
CVE-2020-27813HIGH
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.
2 Dec 2020
7.5
CVSS
← PrevPage 1 / 1Next →