Hackerone Ws Node Module vulnerabilities
2 known vulnerabilities affecting hackerone/ws_node_module.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2016-10518HIGHCVSS 7.5≤ 1.0.02018-05-31
CVE-2016-10518 [HIGH] CWE-201 CVE-2016-10518: A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clie
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need t
nvd
CVE-2016-10542HIGHCVSS 7.5PoCv<=1.1.02018-05-31
CVE-2016-10542 [HIGH] CWE-400 CVE-2016-10542: ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
nvd