exploitDog

CVE-2021-32640

Published: May 25, 2021
Source: nvd
CVSS3: 5.3
CVSS2: 5
EPSS: Low

Description

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:ws_project:ws:*:*:*:*:*:node.js:*:*
Versions from 5.0.0 (inclusive) to 6.2.2 (exclusive)
cpe:2.3:a:ws_project:ws:*:*:*:*:*:node.js:*:*
Versions from 7.0.0 (inclusive) to 7.4.6 (exclusive)

Configuration 2

cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*

EPSS

Percentile: 66%
0.00522
Low

CVSS3: 5.3 Medium
CVSS2: 5 Medium

Weaknesses

CWE-400

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 4 years ago

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.

CVSS3: 5.3
redhat
more than 4 years ago

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.

CVSS3: 5.3
debian
more than 4 years ago

ws is an open source WebSocket client and server library for Node.js. ...

CVSS3: 5.3
github
more than 4 years ago

ReDoS in Sec-Websocket-Protocol header

CVSS3: 5.3
fstec
almost 5 years ago

A vulnerability in the WebSocket client-server library of the Node-ws software, related to uncontrolled resource consumption, that allows an attacker to cause a denial of service
