{"id":"GO-2022-0385","details":"The AuthenticateMethod authentication hook is not called for WebSocket\nconnections, allowing unauthenticated access.\n\nThis issue only affects WebSockets with an AuthenticateMethod hook.\nRequest handlers that do not explicitly use WebSockets are not\nvulnerable.\n","modified":"2022-08-29T16:50:59Z","published":"2022-07-01T20:11:02Z","withdrawn":"2024-05-15T05:37:10.983795Z","references":[{"type":"FIX","url":"https://github.com/ecnepsnai/web/commit/5a78f8d5c41ce60dcf9f61aaf47a7a8dc3e0002f"}],"affected":[{"package":{"name":"github.com/ecnepsnai/web","ecosystem":"Go","purl":"pkg:golang/github.com/ecnepsnai/web"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.4.0"},{"fixed":"1.5.2"}]}],"ecosystem_specific":{"imports":[{"symbols":["Server.Socket","Server.socketHandler"],"path":"github.com/ecnepsnai/web"}]},"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0385","source":"https://vuln.go.dev/ID/GO-2022-0385.json"}}],"schema_version":"1.7.3"}