CVE-2016-10542
NONE EPSS 93.8%
Published May 31, 20188y ago · Modified Jun 17, 20262w ago
Published May 31, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
Threat Intelligence
EPSS Exploit Probability
93.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-20 Improper Input Validation Validation
CWE-400 Uncontrolled Resource Consumption Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| ws_project | ws | * | ≤1.1.0 |
References 2
- github.com https://github.com/nodejs/node/issues/7388
- nodesecurity.io https://nodesecurity.io/advisories/120
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.