ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NWs Project Ws
APPWs Project8.0.0 – 8.20.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2026-48779HIGH7.5ten sam produkt
ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including...
CVE-2016-10518HIGH7.5ten sam produkt
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to all...
CVE-2016-10542HIGH7.5ten sam produkt
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, u...
CVE-2021-32640MEDIUM5.3ten sam produkt
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-We...