[Development] WebSocket Module [CVE-2018-21035]
Sze Howe Koh
szehowe.koh at gmail.com
Mon Mar 9 13:06:54 CET 2020
On Mon, 9 Mar 2020 at 19:11, <enstone83 at gmail.com> wrote:
> I provided a patch for CVE-2018-21035, present in Qt5 WebSocket Module.
> However apparently since the patch adds a new API it cannot go into Qt5.
> This vulnerability makes the Qt5 WebSocket module totally unusable for
> use in non-trusted environment (like Internet).
> Is there anything to do about it ?
I suggest escalating this to the Security team for their attention
On a related note, is Kurt Pattyn still the Maintainer for Qt
WebSockets ? He has been quiet on codereview.qt.io since May 2014
 and on GitHub since Feb 2019 .
More information about the Development