High severity vulnerability that affects ws

ID GHSA-6663-C963-2GQG
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:06


ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a ws server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.