websockets@2.5 vulnerabilities

An implementation of the WebSocket Protocol (RFC 6455 & 7692)

Direct Vulnerabilities

Known vulnerabilities in the websockets package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS). Header sizes are not properly validated, which might result in denial of service scenarios. This vulnerability is likely not exploitable.

How to fix Denial of Service (DoS)?

Upgrade websockets to version 10.0 or higher.

Vulnerable versions: [,10.0)
  • H
Denial of Service (DoS)

websockets is a library for building WebSocket servers and clients in Python with a focus on correctness and simplicity.

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks because max_size is not enforced when decompressing compressed zip messages.

How to fix Denial of Service (DoS)?

Upgrade websockets to version 5.0 or higher.

Vulnerable versions: [,5.0)