npm

Severity: high

DoS due to excessively large websocket message

ws

Overview

Affected versions of ws do not appropriately limit the size of incoming websocket payloads, which may result in a denial of service condition when the node process crashes after receiving a large payload.

Remediation

Update to version 1.1.1 or later. Alternatively, set the maxpayload option for the ws server to a value smaller than 256MB.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jun 24th, 2016
  2. reported

    Initial report by Fedor Indutny
    Jun 24th, 2016