DEBIAN-CVE-2026-45736
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-45736
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-45736.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-45736
- Upstream
- Published
- 2026-05-15T15:16:54.103Z
- Modified
- 2026-05-20T09:00:13.831952958Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.
- References
Affected packages
Debian:11 / node-ws
Package
- Name
- node-ws
- Purl
- pkg:deb/debian/node-ws?arch=source&distro=bullseye
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.4.2+~cs18.0.8-2
7.5.5+~cs13.0.13-1
8.*
8.5.0+~cs13.3.3-1
8.5.0+~cs13.3.3-2
8.6.0+~cs13.6.3-1
8.8.0+~cs13.6.3-1
8.8.1+~cs13.7.3-1
8.10.0+~cs13.7.3-1
8.11.0+~cs13.7.3-1
8.11.0+~cs13.7.3-2
8.18.0+~cs13.7.11-1
8.18.0+~cs14.5.15-1
8.18.1+~cs14.18.2-1
8.19.0+~cs14.19.1-1
8.20.1+~cs14.19.1-1
Debian:12 / node-ws
Package
- Name
- node-ws
- Purl
- pkg:deb/debian/node-ws?arch=source&distro=bookworm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / node-ws
Package
- Name
- node-ws
- Purl
- pkg:deb/debian/node-ws?arch=source&distro=trixie
Debian:14 / node-ws
Package
- Name
- node-ws
- Purl
- pkg:deb/debian/node-ws?arch=source&distro=forky