SockJS 0.3.19 affected by CVE-2020-7693

Hi all,

I’m sharing some old security research in this new forum category that may affect anyone still using an outdated version of Meteor <1.10.2 SockJS 0.3.19. Any apps using these affected versions may be vulnerable to denial-of-service attacks (CVE-2020-7693). An unauthenticated attacker can crash containers.

To fix, upgrade to newer versions of SockJS.

For more info, see:



Interesting, thanks for sharing :clap:

Looking at the Meteor changelog @harry97 did an update in Meteor v2.12.0 to sockjs v0.3.24 and v1.6.1 on client (these are the latest versions to this date). Before that it is a bit hard to track from changelog alone.

1 Like