CVE-2026-48779
- EPSS 0.78%
- Veröffentlicht 16.06.2026 21:26:22
- Zuletzt bearbeitet 09.07.2026 13:17:23
ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to 7.5.11, and from 8.0.0 up to 8.21.0 are affected by a memory exhaustion DoS vulnerability....
CVE-2026-45736
- EPSS 0.72%
- Veröffentlicht 15.05.2026 14:53:57
- Zuletzt bearbeitet 09.07.2026 13:17:20
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8....
CVE-2021-32640
- EPSS 2.82%
- Veröffentlicht 25.05.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:07:26
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.co...
CVE-2016-10542
- EPSS 7.54%
- Veröffentlicht 31.05.2018 20:29:01
- Zuletzt bearbeitet 21.11.2024 02:44:13
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This af...
CVE-2016-10518
- EPSS 2.02%
- Veröffentlicht 31.05.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 02:44:11
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the p...