security vulnerability for ws
A recent nsp check returned the following:
| | DoS due to excessively large websocket message |
|------------|-----------------------------------------------------------------|
| Name | ws |
| Installed | 1.1.0 |
| Vulnerable | <=1.1.0 |
| Patched | >=1.1.1 |
| Path | study-kik@1.0.0 > socket.io@1.4.8 > engine.io@1.6.11 > ws@1.1.0 |
| More Info | https://nodesecurity.io/advisories/120 |
Issue Analytics
- State:
- Created 7 years ago
- Reactions: 6
- Comments: 9 (1 by maintainers)
Top GitHub Comments
A security issue open for 10 days? Is this project still maintained? This is concerning.
Edit: I checked Engine.io since it mentions that package and it looks like they already fixed it in Engine.IO itself, but the NSP tool is having a false positive. So that makes me feel better 😃
https://github.com/socketio/engine.io/issues/410
Released as:
- 1.7.0 (https://github.com/socketio/engine.io/releases/tag/1.7.0)
- 1.5.0 (https://github.com/socketio/socket.io/releases/tag/1.5.0)