Vulnerabilities > CVE-2021-4236 - NULL Pointer Dereference vulnerability in web Project web 1.4.0/1.5.0/1.5.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |