Vulnerability	Vulnerable Version
H Uncaught Exception @trpc/server is a The tRPC server library Affected versions of this package are vulnerable to Uncaught Exception via the `createCtxPromise` function. An attacker can cause the server to crash by sending malformed `connectionParams` during the WebSocket connection setup. Specifically, the `parseConnectionParams` function throws an error for malformed input, which is caught but then incorrectly re-thrown within the WebSocket adapter's `createCtxPromise` function. This re-thrown error becomes an uncaught exception in the WebSocket message event context, leading to the termination of the entire tRPC server process. Note: This is only exploitable if the server has WebSockets enabled and uses the `createContext` method. How to fix Uncaught Exception? Upgrade `@trpc/server` to version 11.1.1 or higher.	<11.1.1

Uncaught Exception

@trpc/server is a The tRPC server library

Affected versions of this package are vulnerable to Uncaught Exception via the createCtxPromise function. An attacker can cause the server to crash by sending malformed connectionParams during the WebSocket connection setup. Specifically, the parseConnectionParams function throws an error for malformed input, which is caught but then incorrectly re-thrown within the WebSocket adapter's createCtxPromise function. This re-thrown error becomes an uncaught exception in the WebSocket message event context, leading to the termination of the entire tRPC server process.

Note: This is only exploitable if the server has WebSockets enabled and uses the createContext method.

How to fix Uncaught Exception?

Upgrade @trpc/server to version 11.1.1 or higher.

<11.1.1

Go back to all versions of this package