The Python websockets library version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appears to be exploitable via sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in version 5.0
{ "nvd_published_at": "2018-06-26T16:29:00Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:19:15Z" }