6 matches found
CVE-2021-32640
creationtimestamp | type | source
---|---|---
2026-04-07 15:02:10+00:00 | seen | https://t.me/codebysec/9952...
Reddit: Regular Expression Denial of Service vulnerability
Summary: The vulnerability I have found is classified as a Regular Expression Denial of Service. While inspecting the source code file RealtimeGQLSubscriptionAsync.js I came across the node module subscriptions-transport-ws. See Screenshot 1. The search result of the subscriptions-transport-ws...
Regular Expression Denial of Service
Overview: In ws before versions 5.2.3, 6.2.2 and 7.4.6 there is a ReDoS vulnerability. Impact: A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. Proof of concept (js): for const length of 1000, 2000, 4000, 8000, 16000, 32000 const value ...
@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +163 more potentially affected by CVE-2021-32640 via ws (>=5.0.0 <=5.2.2)
ws NPM version =5.0.0, =0.1.2, =0.3.7, =0.1.8, =1.0.0, =1.0.0, =1.0.17-beta, =1.3.6, =0.1.0, =3.0.0, =3.0.0, =1.0.21, =1.0.27 and more Source cves: CVE-2021-32640 Source advisory: OSV:GHSA-6FC8-4GX4-V693...
7ghost (>=4.11.25 <=4.11.46), @100mslive/hms-excalidraw (>=0.1.3 <=0.1.14) +1208 more potentially affected by CVE-2021-32640 via ws (>=6.0.0 <=6.2.1)
ws NPM version =6.0.0, =4.11.25, =0.1.3, =0.0.1-bate.30, =0.0.1, =0.0.1, =7.0.0, =0.1.0, =4.4.0, =4.2.2, =2.9.0, =0.0.1-alpha.95, =1.0.0, =1.2.0, =1.0.2, =1.0.4 and more Source cves: CVE-2021-32640 Source advisory: OSV:GHSA-6FC8-4GX4-V693...
CVE-2021-32640
CVE-2021-32640 affects the Node.js ws library. A specially crafted value in the Sec-Websocket-Protocol header can be used to significantly slow down a ws server (resource consumption). The issue is fixed in ws@7.4.6. In vulnerable versions, mitigation includes reducing the maximum length of HTTP ...