Описание
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-ws | fixed | 1.1.0+ds1.e6ddaae4-5 | package | |
| node-ws | fixed | 1.1.0+ds1.e6ddaae4-3+deb9u1 | stretch | package |
| node-ws | end-of-life | jessie | package |
Примечания
https://nodesecurity.io/advisories/120
https://github.com/nodejs/node/issues/7388
Связанные уязвимости
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
