GHSA-58QX-3VCG-4XPX ws: Uninitialized memory disclosure

Impact The websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. Proof of concept js import deepStrictEqual from 'node:assert'; import WebSocket, WebSocketServer from 'ws'; const wss = new WebSocketServer port: 0,...

EUVD-2021-0968

Malware in sbrugna...

The vulnerability of the `server.maxHeadersCount()` configuration in the client-server library `ws` of the Node.js software platform allows a attacker to trigger a denial-of-service attack.

The vulnerability of the server.maxHeadersCount configuration in the client-server library ws of the Node.js software platform is related to errors in pointer assignment due to exceeding the threshold values of request headers. Exploiting this vulnerability may allow a remote attacker to cause...

PT-2024-5560 · Npm +2 · Ws +2

Name of the Vulnerable Software and Affected Versions: ws versions prior to 8.17.1 ws versions prior to 7.5.10 ws versions prior to 6.2.3 ws versions prior to 5.2.4 Description: The issue is related to errors in handling request headers in the ws library for Node.js, specifically when the number ...