Incorrect handling of an Upgrade header with the value websocket causes containers hosting sockjs apps to crash. This affects the package sockjs before 0.3.20. References: https://snyk.io/vuln/SNYK-JS-SOCKJS-575261 https://github.com/sockjs/sockjs-node/issues/252
In OpenShift 4 the container openshift/ose-prometheus packages a vulnerable version of npm-sockjs (0.3.19). It is present in the Prometheus ReactUI, which is unused in OpenShift but can still be accessed manually via its URL.
Mitigation: There is no mitigation for this issue; the flaw can only be resolved by applying updates.
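Because the only fix is updating, the practical first step is finding every copy of sockjs below 0.3.20 in an image's dependency tree, including transitive ones. The following is an added example (not code from the advisory, Red Hat, or the sockjs project) that walks the JSON shape produced by `npm ls --all --json`; the sample tree and package names in it are constructed.

```javascript
// Added example: audit an npm dependency tree for sockjs older than the
// fixed release 0.3.20 named in the advisory. Not part of the original page.
const FIXED_SOCKJS = '0.3.20';

// Compare two dotted version strings numerically (pre-release tags are
// ignored for simplicity). Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Recursively collect every sockjs install below the fixed version, together
// with the dependency path that pulled it in (transitive copies included).
function findVulnerableSockjs(tree, path = [], hits = []) {
  const deps = tree.dependencies || {};
  for (const [name, info] of Object.entries(deps)) {
    const here = [...path, `${name}@${info.version}`];
    if (name === 'sockjs' && info.version &&
        compareVersions(info.version, FIXED_SOCKJS) < 0) {
      hits.push({ version: info.version, path: here.join(' > ') });
    }
    findVulnerableSockjs(info, here, hits);
  }
  return hits;
}

// Constructed sample tree (hypothetical package names): one bundle pulls in
// the vulnerable 0.3.19, another already carries the fixed 0.3.20.
const SAMPLE_TREE = {
  name: 'sample-ui', version: '1.0.0',
  dependencies: {
    'dev-server-lib': { version: '3.11.0',
      dependencies: { sockjs: { version: '0.3.19' } } },
    'other-lib': { version: '2.0.0',
      dependencies: { sockjs: { version: '0.3.20' } } },
  },
};

const REPORT = findVulnerableSockjs(SAMPLE_TREE);
for (const hit of REPORT) {
  console.log(`sockjs ${hit.version} < ${FIXED_SOCKJS} via ${hit.path}`);
}
```

Run it against real output with `npm ls --all --json` inside the image; an empty report means no copy below 0.3.20 was found in that tree.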