Description

Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.

Related CPE's

a

outray

outray

*

*

*

*

*

node.js

Vulnerable

References

https://github.com/outray-tunnel/outray/commit/08c61495761349e7fd2965229c3faa8d7b1c1581

Patch

https://github.com/outray-tunnel/outray/security/advisories/GHSA-3pqc-836w-jgr7

ExploitVendor Advisory

Weaknesses

[email protected]

Primary
CWE-367

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

3.7 · Low

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-14T15:16:05.663Z

6 days ago

Last modified

2026-01-20T14:52:10.373Z

14 hours ago