{"id":"CVE-2021-4236","details":"Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable.","aliases":["GHSA-5gjg-jgh4-gppm","GHSA-jpgg-cp2x-qrw3","GO-2021-0107"],"modified":"2026-03-14T11:15:12.547698Z","published":"2022-12-27T22:15:12.013Z","references":[{"type":"FIX","url":"https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f"},{"type":"FIX","url":"https://pkg.go.dev/vuln/GO-2021-0107"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ecnepsnai/web","events":[{"introduced":"44e6297e6edfd25cca373c37d68bbfe84fbb474c"},{"fixed":"5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f"}],"database_specific":{"versions":[{"introduced":"1.4.0"},{"fixed":"1.5.2"}]}}],"versions":["v1.4.0","v1.5.0","v1.5.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4236.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}