This impacts numerous downstream packages that source this package for websocket behaviours.
A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6)
Reported Security Vulnerability with dependency package "ws" https://www.mend.io/vulnerability-database/CVE-2024-37890
This impacts numerous downstream packages that source this package for websocket behaviours.