HIGH🇵🇱 Wersja polska

CVE-2016-10542

CVSS 7.5v3.0pub. 2018-05-31upd. 2024-11-21

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Ws Project Ws

    APP
    Ws Project
    ≤ 1.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-48779HIGH7.5ten sam produkt

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including...

CVE-2016-10518HIGH7.5ten sam produkt

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to all...

CVE-2026-45736MEDIUM4.4ten sam produkt

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implement...

CVE-2021-32640MEDIUM5.3ten sam produkt

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-We...