Lucene search
K

5 matches found

CVE
CVE
added 2021/05/25 6:25 p.m.218 views

CVE-2021-32640

CVE-2021-32640 affects the Node.js ws library. A specially crafted value in the Sec-Websocket-Protocol header can be used to significantly slow down a ws server (resource consumption). The issue is fixed in [email protected]. In vulnerable versions, mitigation includes reducing the maximum length of HTTP ...

5.3CVSS5.4AI score0.02821EPSS
CVE
CVE
added 2026/06/16 9:26 p.m.168 views

CVE-2026-48779

Technical details for CVE-2026-48779 are not publicly available in the provided documents. Monitor for updates from the listed sources; the initial description includes affected versions and fixes, but no further technical specifics are provided here.

7.5CVSS5.1AI score0.00782EPSS
CVE
CVE
added 2018/05/31 8:0 p.m.74 views

CVE-2016-10542

The CVE-2016-10542 issue affects the node.js ws websocket library (versions up to 1.1.0). The vulnerability allows a Denial of Service by sending an overly large payload, crashing the node process. Public documentation from the connected sources confirms the root cause is an insufficient payload ...

7.5CVSS7.3AI score0.07539EPSS
CVE
CVE
added 2018/05/31 8:0 p.m.60 views

CVE-2016-10518

CVE-2016-10518 affects the ws Node.js WebSocket module (pre-1.0.0). The vulnerability arises in the ping pathway: data from a ping frame is converted to a Buffer without validating the type, causing memory disclosure when non-zero-sized buffers are used. Affected versions are ws before 1.0.0; mit...

7.5CVSS7.3AI score0.02015EPSS
CVE
CVE
added 2026/05/15 2:53 p.m.57 views

CVE-2026-45736

Summary: CVE-2026-45736 affects the ws project (WebSocket client/server for Node.js). Prior to version 8.20.1, ws.close() could disclose uninitialized memory when a TypedArray is passed as the reason argument. The issue is fixed in ws 8.20.1. Affected component: ws websocket.close() implementatio...

7.5CVSS5.8AI score0.00717EPSS