CVE-2026-44217

Sažetak

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. This vulnerability is fixed in 4.0.1.

Reference

https://github.com/rexxars/sse-channel/issues/42
https://github.com/rexxars/sse-channel/security/advisories/GHSA-84hm-wfh8-c5pg

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

13-05-2026 - 18:21

Objavljeno

12-05-2026 - 20:16