Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32640 | 2 Netapp, Ws Project | 2 E-series Performance Analyzer, Ws | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected] (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/ ...
Show More |
|||||
| CVE-2016-10542 | 1 Ws Project | 1 Ws | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
|
|||||
| CVE-2016-10518 | 1 Ws Project | 1 Ws | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers ...
Show More |
|||||