NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| nodebb(npm) | 3.0.0 | 3.1.3 | N/A |
| nodebb(npm) | 0 | 2.8.13 | N/A |
CVSS Metrics
