security vulnerability for ws

A recent nsp check returned the following:

|            | DoS due to excessively large websocket message                  |
|------------|-----------------------------------------------------------------|
| Name       | ws                                                              |
| Installed  | 1.1.0                                                           |
| Vulnerable | <=1.1.0                                                         |
| Patched    | >=1.1.1                                                         |
| Path       | study-kik@1.0.0 > socket.io@1.4.8 > engine.io@1.6.11 > ws@1.1.0 |
| More Info  | https://nodesecurity.io/advisories/120                          |

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Reactions: 6
  • Comments: 9 (1 by maintainers)

Top GitHub Comments

1 reaction
keverw commented, Oct 3, 2016

A security issue open for 10 days? Is this project still maintained? This is concerning.

Edit: I checked Engine.io since it mentions that package and it looks like they already fixed it in Engine.IO itself, but the NSP tool is having a false positive. So that makes me feel better 😃

https://github.com/socketio/engine.io/issues/410

0 reactions
darrachequesne commented, Jan 11, 2017
