Documented: math/rand → crypto/rand mask key fix (CWE-338, never CVE'd) #1024

Description

@canolgun

Not a zero-day — already fixed in v1.5.3. Documenting a silent security fix from commit d67f418.

- Finding: WebSocket mask keys generated with math/rand instead of crypto/rand (CWE-338)
- Fix: v1.5.3 (2024-06-14)
- Advisory: https://github.com/canolgun-commits/websocket/security/advisories/GHSA-w67g-5rqw-f597
- Tool: bounty-hunter v6.0
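Added example, not part of the issue or the project's own code: a Go sketch of the CWE-338 pattern named in the finding (a mask key drawn from math/rand) beside a crypto/rand replacement, with the RFC 6455 masking step. The function names `weakMaskKey`, `strongMaskKey`, `maskPayload` and `predictable`, and the seed values, are assumptions made for illustration.

```go
package main

import (
	crand "crypto/rand"
	"encoding/binary"
	"fmt"
	mrand "math/rand"
)

// weakMaskKey (hypothetical) draws the key from math/rand: fully determined by the seed.
func weakMaskKey(r *mrand.Rand) [4]byte {
	var k [4]byte
	binary.LittleEndian.PutUint32(k[:], r.Uint32())
	return k
}

// strongMaskKey (hypothetical) draws the 4-byte mask key from the OS CSPRNG.
func strongMaskKey() ([4]byte, error) {
	var k [4]byte
	_, err := crand.Read(k[:])
	return k, err
}

// maskPayload XORs payload with the key (RFC 6455 section 5.3); applying it twice unmasks.
func maskPayload(key [4]byte, payload []byte) []byte {
	out := make([]byte, len(payload))
	for i, b := range payload {
		out[i] = b ^ key[i%4]
	}
	return out
}

// predictable reports whether a second generator with the same seed
// reproduces the first n weak mask keys exactly.
func predictable(seed int64, n int) bool {
	client := mrand.New(mrand.NewSource(seed))
	observer := mrand.New(mrand.NewSource(seed))
	for i := 0; i < n; i++ {
		if weakMaskKey(client) != weakMaskKey(observer) {
			return false
		}
	}
	return true
}

func main() {
	k, err := strongMaskKey()
	fmt.Println("math/rand keys reproducible from seed:", predictable(1, 8))
	fmt.Printf("crypto/rand key=%x masked=%x err=%v\n", k, maskPayload(k, []byte("hello")), err)
}
```

RFC 6455 section 5.3 requires the masking key to come from a strong source of entropy, which is the property the math/rand variant lacks.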
