<p>Upgrade <code>webtorrent</code> to version 0.105.2 or higher.</p>

DNS Rebinding Affecting webtorrent package, versions <0.105.2

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-WEBTORRENT-456068
published 31 Jul 2019
disclosed 30 Jul 2019
credit feross

Report a new vulnerability Found a mistake?

Introduced: 30 Jul 2019

CWE-350 Open this link in a new tab

How to fix?

Upgrade webtorrent to version 0.105.2 or higher.

Overview

webtorrent is a streaming torrent client for node.js and the browser.

Affected versions of this package are vulnerable to DNS Rebinding. When the request hostname does not match the user-provided opts.hostname value. It omits the Access-Control-Allow-Origin header, instead of stop processing the request and return nothing.

References

GitHub Commit

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

High
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

Low
Integrity (I)

None
Availability (A)

None

DNS Rebinding Affecting webtorrent package, versions <0.105.2

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 30 Jul 2019

How to fix?

Overview

References

CVSS Scores

Snyk