CVE-2021-4236

Published: Dec 27, 2022

Modified: Apr 11, 2025

PUBLISHED

Description

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.

Vendor	Product	Versions
github.com/ecnepsnai/web	github.com/ecnepsnai/web	affected `1.4.0 - < 1.5.2`

References

https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f

https://pkg.go.dev/vuln/GO-2021-0107

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-4236

Description

Affected Products

References