8.21.0
14 years ago
1 months ago
Known vulnerabilities in the ws package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) when handling a large number of very small fragments and data chunks. An attacker can cause excessive memory allocation and OOM by sending a high volume of tiny WebSocket frames How to fix Asymmetric Resource Consumption (Amplification)? Upgrade | >=1.1.0 <5.2.5>=6.0.0 <6.2.4>=7.0.0 <7.5.11>=8.0.0 <8.21.0 |
ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Use of Uninitialized Resource in the Note: The project maintainers note that this "flaw is only exploitable through misuse that is unlikely in practice". How to fix Use of Uninitialized Resource? Upgrade | >=8.0.0 <8.20.1 |
ws is a simple to use websocket client, server and console for node.js. Affected versions of this package are vulnerable to Denial of Service (DoS) when the number of received headers exceed the How to fix Denial of Service (DoS)? Upgrade | >=2.1.0 <5.2.4>=6.0.0 <6.2.3>=7.0.0 <7.5.10>=8.0.0 <8.17.1 |