HIGH🇬🇧 English

CVE-2016-10542

CVSS 7.5v3.0pub. 2018-05-31upd. 2024-11-21

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Ws Project Ws

    APP
    Ws Project
    ≤ 1.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-48779HIGH7.5ten sam produkt

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including...

CVE-2016-10518HIGH7.5ten sam produkt

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to all...

CVE-2026-45736MEDIUM4.4ten sam produkt

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implement...

CVE-2021-32640MEDIUM5.3ten sam produkt

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-We...