Homepage
About Snyk

websockets@8.1 vulnerabilities

An implementation of the WebSocket Protocol (RFC 6455 & 7692)

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the websockets package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS). Header sizes are not properly validated which might result in some denial of service scenarios. This vulnerability is likely not exploitable.

How to fix Denial of Service (DoS)?

Upgrade websockets to version 10.0 or higher.

[,10.0)
  • H
Timing Attack

Affected versions of this package are vulnerable to Timing Attack when HTTP Basic Auth is enabled with basic_auth_protocol_factory. This vulnerability can possibly be exploitable by guessing the password via a timing attack.

How to fix Timing Attack?

Upgrade websockets to version 9.1 or higher.

[8.0,9.1)
Go back to all versions of this package