Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/ecnepsnai/web(Go) | 1.4.0 | 1.5.2 | N/A |
CVSS Metrics
