Debian Node-Ws vulnerabilities

4 known vulnerabilities affecting debian/node-ws.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2024-37890 | HIGH | CVSS 7.5 | fixed in node-ws 8.18.0+~cs13.7.11-1 (forky) | 2024
CVE-2024-37890 [HIGH] node-ws - ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and [email protected] (4abd8f6). In vulnerable versions of ws, the issue can be mitigate
debian
CVE-2021-32640 | MEDIUM | CVSS 5.3 | fixed in node-ws 7.4.2+~cs18.0.8-2 (bookworm) | 2021
CVE-2021-32640 [MEDIUM] node-ws - ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected] (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mit
debian
CVE-2016-10542 | HIGH | CVSS 7.5 | PoC | fixed in node-ws 1.1.0+ds1.e6ddaae4-5 (bookworm) | 2016
CVE-2016-10542 [HIGH] node-ws - ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. Scope: local bookworm: resolved (fixed in 1.1.0+ds1.e6ddaae4-5) bullseye: resolved (fixed
debian
CVE-2016-10518 | LOW | CVSS 7.5 | fixed in node-ws 1.0.1+ds1.e6ddaae4-1 (bookworm) | 2016
CVE-2016-10518 [HIGH] node-ws - A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buf
debian