MEDIUM🇵🇱 Wersja polska

CVE-2026-45736

CVSS 4.4v3.1pub. 2026-05-15upd. 2026-07-02

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
  • Ws Project Ws

    APP
    Ws Project
    8.0.0 – 8.20.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-48779HIGH7.5ten sam produkt

ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including...

CVE-2016-10518HIGH7.5ten sam produkt

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to all...

CVE-2016-10542HIGH7.5ten sam produkt

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, u...

CVE-2021-32640MEDIUM5.3ten sam produkt

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-We...