CVE-2021-32640
- Source
- https://cve.org/CVERecord?id=CVE-2021-32640
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32640.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-32640
- Aliases
- Downstream
- Related
- Published
- 2021-05-25T19:15:07.767Z
- Modified
- 2026-02-13T02:22:23.437804Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the
Sec-Websocket-Protocolheader can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the <code>--max-http-header-size=size</code> and/or the <code>maxHeaderSize</code> options. - References
-
- https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30%40%3Ccommits.tinkerpop.apache.org%3E
- https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
- https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
- https://security.netapp.com/advisory/ntap-20210706-0005/
- https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
- https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
- https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
Affected packages
Git / github.com/websockets/ws
Affected ranges
- Type
- GIT
- Repo
- https://github.com/websockets/ws
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixed