What is CVE-2023-37899?

CVE-2023-37899 is a high-severity vulnerability in Feathersjs Feathers, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 7.5/10. Published 2023-07-19.

How severe is CVE-2023-37899?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Feathersjs Feathers

CVE-2023-37899

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause t…

EPSS: 0.003 (50.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Feathersjs Feathers — versions < 4.5.18, >= 5.0.0, < 5.0.8

Weakness classification (CWE)

CWE-754 — Improper Check for Unusual or Exceptional Conditions

References

https://github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9 (x_refsource_CONFIRM)
https://github.com/feathersjs/feathers/pull/3241 (x_refsource_MISC)
https://github.com/feathersjs/feathers/pull/3242 (x_refsource_MISC)
https://github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19 (x_refsource_MISC)
https://github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-37899?: CVE-2023-37899 is a high-severity vulnerability in Feathersjs Feathers, classified under Improper Check for Unusual or Exceptional Conditions. CVSS score: 7.5/10. Published 2023-07-19.
How severe is CVE-2023-37899?: High severity. CVSS v3 base score is 7.5 out of 10.