Websockets Ws vulnerabilities
2 known vulnerabilities affecting websockets/ws.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-37890HIGHCVSS 7.5v>= 2.1.0, < 5.2.4v>= 6.0.0, < 6.2.3+2 more2024-06-17
CVE-2024-37890 [HIGH] CWE-476 CVE-2024-37890: ws is an open source WebSocket client and server for Node.js. A request with a number of headers exc
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and [email protected] (4abd8f6). In vulnerable versions of ws, the issue
nvd
CVE-2021-32640MEDIUMCVSS 5.3v>= 5.0.0 <= 7.4.52021-05-25
CVE-2021-32640 [MEDIUM] CWE-400 CVE-2021-32640: ws is an open source WebSocket client and server library for Node.js. A specially crafted value of t
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected] (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the i
nvd