5 matches found
CVE-2021-32640
CVE-2021-32640 affects the Node.js ws library. A specially crafted value in the Sec-Websocket-Protocol header can be used to significantly slow down a ws server (resource consumption). The issue is fixed in [email protected]. In vulnerable versions, mitigation includes reducing the maximum length of HTTP ...
CVE-2026-48779
Technical details for CVE-2026-48779 are not publicly available in the provided documents. Monitor for updates from the listed sources; the initial description includes affected versions and fixes, but no further technical specifics are provided here.
CVE-2016-10542
The CVE-2016-10542 issue affects the node.js ws websocket library (versions up to 1.1.0). The vulnerability allows a Denial of Service by sending an overly large payload, crashing the node process. Public documentation from the connected sources confirms the root cause is an insufficient payload ...
CVE-2016-10518
CVE-2016-10518 affects the ws Node.js WebSocket module (pre-1.0.0). The vulnerability arises in the ping pathway: data from a ping frame is converted to a Buffer without validating the type, causing memory disclosure when non-zero-sized buffers are used. Affected versions are ws before 1.0.0; mit...
CVE-2026-45736
Summary: CVE-2026-45736 affects the ws project (WebSocket client/server for Node.js). Prior to version 8.20.1, ws.close() could disclose uninitialized memory when a TypedArray is passed as the reason argument. The issue is fixed in ws 8.20.1. Affected component: ws websocket.close() implementatio...