HIGH

GHSA-6663-c963-2gqg

DoS due to excessively large websocket message in ws

Details

Affected versions of `ws` do not appropriately limit the size of incoming websocket payloads, which may result in a denial of service condition when the node process crashes after receiving a large payload.

## Recommendation

Update to version 1.1.1 or later. Alternatively, set the `maxpayload` option for the `ws` server to a value smaller than 256MB.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / ws

Introduced in: 0 Fixed in: 1.1.1

Fix npm install ws@1.1.1

References

https://nvd.nist.gov/vuln/detail/CVE-2016-10542 [ADVISORY]
https://github.com/nodejs/node/issues/7388 [WEB]
https://github.com/advisories/GHSA-6663-c963-2gqg [ADVISORY]
https://www.npmjs.com/advisories/120 [WEB]