Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Panic or authentication bypass in github.com/ecnepsnai/web
Vulnerability Description
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ecnepsnai web 代码问题漏洞
Vulnerability Description
Web是Ian Spence个人开发者的一个 Golang 的 HTTP 服务器。用于复杂的 web 应用程序。 ecnepsnai web存在安全漏洞,该漏洞源于Web Sockets 不执行任何可能设置的 AuthenticateMethod 方法,如果返回的 UserData 指针被假定为非 nil 或身份验证绕过,则会导致 nil 指针取消引用。
CVSS Information
N/A
Vulnerability Type
N/A