Uncontrolled Recursion in ws
Cxb244cccc-f1c7
- ws
Summary
The `ws` package, up to 1.1.5, is vulnerable to a stack overflow caused by a recursive call to `flush()` in `lib/Sender.js` when a message with multiple MessageHandlers is passed, leading to denial of service. This affects availability.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-674 - Uncontrolled Recursion
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
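A simplified model of the pattern described in the summary, added here as an illustration and not taken from `lib/Sender.js` in `ws`: a completion callback that re-enters `flush()` grows the stack with queue length, while a loop-based drain keeps it flat. The class names, `enqueue`, `drain`, and the synchronously completing handlers are assumptions made for the example.

```javascript
// Simplified model of a queued sender. Hypothetical names, not ws source.
class RecursiveSender {
  constructor() { this.handlers = []; this.processing = false; this.sent = 0; }
  enqueue(handler) { this.handlers.push(handler); }
  // The completion callback re-enters flush(). If handlers complete
  // synchronously, every queued message adds frames to the same stack.
  flush() {
    if (this.processing) return;
    const handler = this.handlers.shift();
    if (!handler) return;
    this.processing = true;
    handler(() => { this.sent++; this.processing = false; this.flush(); });
  }
}

class IterativeSender extends RecursiveSender {
  // Drain in a loop. A synchronous completion lets the loop continue;
  // an asynchronous one resumes the drain later from a fresh stack.
  flush() {
    if (this.processing) return;
    while (this.handlers.length > 0) {
      const handler = this.handlers.shift();
      this.processing = true;
      let sync = true, done = false;
      handler(() => {
        this.sent++;
        this.processing = false;
        done = true;
        if (!sync) this.flush();
      });
      sync = false;
      if (!done) return; // handler still in flight; its callback resumes
    }
  }
}

// Queue `count` constructed handlers that complete synchronously, then flush.
function drain(SenderClass, count) {
  const sender = new SenderClass();
  for (let i = 0; i < count; i++) sender.enqueue((cb) => cb());
  try {
    sender.flush();
    return { ok: true, sent: sender.sent };
  } catch (err) {
    return { ok: false, error: err.constructor.name, sent: sender.sent };
  }
}

console.log(drain(RecursiveSender, 30000));
console.log(drain(IterativeSender, 30000));
```

In a real server the `RangeError` surfaces inside the send path, so an unhandled instance takes down the process for every connected client, which is why the impact is on availability only.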
References
Advisory Timeline
- Published