PT-2020-21571 · Gosbundle · Gosbundle Websocketbundle

Published: 2020-07-07 · Updated: 2020-07-07

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

GosBundle WebSocketBundle versions prior to 1.10.4
GosBundle WebSocketBundle versions prior to 2.6.1
GosBundle WebSocketBundle versions prior to 3.3.0

Description

Inside the TopicDispatcher::onPublish() function, messages can be arbitrarily broadcast to related topics if the dispatch() method fails. This failure can occur due to misconfigured callback definitions on topic routes, missing implementations of TopicInterface, rejection by topics implementing SecuredTopicInterface, or unhandled exceptions. The result is an unintended broadcast through the WebSocket server, potentially carrying sensitive data.

Recommendations

For versions prior to 1.10.4, upgrade to 1.10.4 to resolve the issue. For versions prior to 2.6.1, upgrade to 2.6.1 to resolve the issue. For versions prior to 3.3.0, upgrade to 3.3.0 to resolve the issue. As a temporary workaround, consider modifying the TopicDispatcher::onPublish() function to prevent broadcasting event data when dispatch() fails, until an official patch can be applied.
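A simplified model of the failure mode and of the workaround, added here as an illustration and not taken from the bundle's source: the interface shapes, method signatures and the in-memory Topic are assumptions, and only the names TopicDispatcher::onPublish(), dispatch(), TopicInterface and SecuredTopicInterface come from the advisory.

```php
<?php
// Added illustration, not GosWebSocketBundle's code: interfaces, signatures and
// the in-memory Topic are simplified assumptions; only the names
// TopicDispatcher::onPublish(), dispatch(), TopicInterface and
// SecuredTopicInterface come from the advisory.
interface TopicInterface { public function onPublish(Topic $topic, string $event): void; }
interface SecuredTopicInterface extends TopicInterface {
    public function secure(string $event): void; // assumed to throw when the publish is rejected
}
final class Topic {
    public array $sent = [];                  // what subscribers would receive
    public function broadcast(string $event): void { $this->sent[] = $event; }
}
final class TopicDispatcher {
    // $handler is whatever the topic route resolved to; null models a misconfigured route.
    public function __construct(private ?object $handler, private bool $fallbackBroadcast) {}
    private function dispatch(Topic $topic, string $event): bool {
        try {
            if (!$this->handler instanceof TopicInterface) { return false; }  // missing implementation
            if ($this->handler instanceof SecuredTopicInterface) { $this->handler->secure($event); }
            $this->handler->onPublish($topic, $event);
            return true;
        } catch (\Throwable $e) { return false; }                             // rejection or handler error
    }
    public function onPublish(Topic $topic, string $event): void {
        if ($this->dispatch($topic, $event)) { return; }
        if ($this->fallbackBroadcast) {
            $topic->broadcast($event);   // vulnerable: the unvetted event reaches every subscriber
        }
        // hardened: a failed dispatch drops the message (log it in a real handler)
    }
}
// Constructed inputs: a secured topic that rejects every publish, and a misconfigured route.
$rejecting = new class implements SecuredTopicInterface {
    public function onPublish(Topic $topic, string $event): void {}
    public function secure(string $event): void { throw new \RuntimeException('not authorised'); }
};
foreach ([[$rejecting, 'rejected by SecuredTopicInterface'], [null, 'misconfigured route']] as [$h, $why]) {
    foreach ([[true, 'vulnerable'], [false, 'hardened']] as [$fallback, $label]) {
        $topic = new Topic();
        (new TopicDispatcher($h, $fallback))->onPublish($topic, '{"secret":"constructed"}');
        printf("%-10s %-35s broadcast=%d\n", $label, $why, count($topic->sent));
    }
}
```

With the fallback enabled, both failure cases end with broadcast=1, i.e. the rejected or unroutable event still reaches subscribers; with the fallback removed, both end with broadcast=0.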

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

GHSA-WWGF-3XP7-CXJ4

Affected Products

Gosbundle Websocketbundle