CVE-2016-10542

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
31/05/2018
Last modified:
09/10/2019

Description

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ws_project:ws:*:*:*:*:*:node.js:*:* 1.1.0 (including)