Lucene search
+L

16 matches found

CVE
CVE
added yesterday13 views

CVE-2026-54490

CVE-2026-54490 involves the websocket-driver library. Prior to version 0.7.5, when used with the permessage-deflate extension, the message size check was based on the compressed frame length rather than the decompressed size, allowing a WebSocket server/client to accept messages larger than the c...

6.3CVSS5.3AI score
Exploits0References2
CVE
CVE
added yesterday14 views

CVE-2026-54466

The CVE-2026-54466 entry concerns websocket-driver (WebSocket protocol handler). Prior to version 0.7.5, draft75.js parses a length header that can be abused by sending a sequence of bytes (0x80 or higher), causing an ever-growing integer to be produced. Because JavaScript numbers are 64‑bit floa...

9.2CVSS5.3AI score
Exploits0References2
Cvelist
Cvelist
added yesterday21 views

CVE-2026-54465 websocket-driver: Memory exhaustion in HTTP header parser

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server or to complement a WebSocket client, a peer can make a single connection consume an unbounded...

6.3CVSS
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-54465

The CVE-2026-54465 issue affects the ruby websocket-driver library (WebSocket::Driver) used to implement a WebSocket server atop a TCP server or to complement a client. The root cause is a memory-exhaustion vulnerability in the HTTP header parser: a single connection can be induced to process an ...

6.3CVSS5.4AI score
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-54463

The websocket-driver Ruby package is affected by a memory exhaustion issue in draft WebSocket protocol frames. Before 0.8.1, a length header can be exploited by sending an unbounded sequence of 0x80+ bytes, causing the peer to parse an ever-growing Ruby integer and potentially exhausting memory. ...

6.9CVSS5.3AI score
Exploits0References2
Cvelist
Cvelist
added yesterday20 views

CVE-2026-54463 websocket-driver: Memory exhaustion via abuse of protocol length headers

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an...

6.9CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday20 views

CVE-2026-54464 websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS
Exploits0References2
Github Security Blog
Github Security Blog
added 3 days ago9 views

websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 3 days ago15 views

NPM: websocket-driver: Resource limit bypass via message compression

NPM: websocket-driver: Resource limit bypass via message compression vulnerability discovered by ? in WordPress Npm websocket-driver versions 0.7.5...

6.3CVSS6.1AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 3 days ago13 views

NPM: websocket-driver: Message corruption via abuse of protocol length headers

NPM: websocket-driver: Message corruption via abuse of protocol length headers vulnerability discovered by ? in WordPress Npm websocket-driver versions 0.7.5...

9.2CVSS6.1AI score
Exploits0References3Affected Software1
OSV
OSV
added 3 days ago5 views

GHSA-8J3G-F24P-4MPW websocket-driver: Memory exhaustion in HTTP header parser

Impact If this library is used to implement a WebSocket server on top of a TCP server rather than an HTTP server or framework using the WebSocket::Driver.server method, or, if it is used to complement a WebSocket client, then a peer can make a single connection consume an unbounded amount of memo...

6.3CVSS6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 3 days ago9 views

websocket-driver: Memory exhaustion in HTTP header parser

Impact If this library is used to implement a WebSocket server on top of a TCP server rather than an HTTP server or framework using the WebSocket::Driver.server method, or, if it is used to complement a WebSocket client, then a peer can make a single connection consume an unbounded amount of memo...

6.3CVSS6AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-60380

Name of the Vulnerable Software and Affected Versions websocket-driver versions prior to 0.8.1 Description When used to implement a WebSocket server on top of a TCP server via the WebSocket::Driver.server method or to complement a WebSocket client, the software is susceptible to memory exhaustion...

6.3CVSS5.3AI score
Exploits0References8
Snyk
Snyk
added 2026/07/08 8:21 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of protocol length headers in draft versions of the WebSocket protocol. An attacker can cause excessive memory consumption by sending a continuous sequence of byt...

6.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/07/08 8:21 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the permessage-deflate extension. An attacker can cause the application to process messages that exceed the intended resource limits by sending compressed messages that, when...

6.3CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/07/08 8:21 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HTTP header parser process. An attacker can cause excessive memory consumption by sending an HTTP request or response with an unbounded number of headers, leading to memory...

6.3CVSS6.1AI score
Exploits0References2
Rows per page
Query Builder