The realtime-js repository currently uses ws@8.14.2 which contains a DoS vulnerability (CVE-2023-5416) affecting versions >=2.1.0 <5.2.4, >=6.0.0 <6.2.3, >=7.0.0 <7.5.10, and >=8.0.0 <8.17.1.
Impact
Servers are vulnerable to Denial of Service when the number of received headers exceeds the server.maxHeadersCount or request.maxHeadersCount threshold.
Fix
Please upgrade ws to version 8.17.1 or higher.
Steps to reproduce:
Check package.json and package-lock.json
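As an added example (not part of the original issue or of the realtime-js project), the check above can be automated: the script below walks a package-lock.json, finds every resolved copy of ws (including nested copies under other dependencies), and flags any version that falls inside the affected ranges listed in the report. It assumes the npm lockfile layout (lockfileVersion 2/3 "packages" map, with a fallback for the v1-style nested "dependencies" map) and uses a constructed sample lockfile when no path is given on the command line; no external semver library is needed.

```javascript
// Added example: audit a package-lock.json for ws versions in the vulnerable
// ranges named in the report. Not code from the original issue or project.

// Ranges from the report: [min, maxExclusive) for each affected major line.
const VULNERABLE_RANGES = [
  { min: [2, 1, 0], maxExclusive: [5, 2, 4] },
  { min: [6, 0, 0], maxExclusive: [6, 2, 3] },
  { min: [7, 0, 0], maxExclusive: [7, 5, 10] },
  { min: [8, 0, 0], maxExclusive: [8, 17, 1] },
];

// Parse "MAJOR.MINOR.PATCH" (optional leading "v", trailing prerelease ignored).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Lexicographic compare of two [major, minor, patch] triples.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True if the version is inside any of the affected ranges.
function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return false;
  return VULNERABLE_RANGES.some(
    (r) => compareVersions(v, r.min) >= 0 && compareVersions(v, r.maxExclusive) < 0
  );
}

// Collect every resolved ws entry, top-level or nested, from a parsed lockfile.
function findWsEntries(lock) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths like "node_modules/ws".
    for (const [path, pkg] of Object.entries(lock.packages)) {
      if (path === "node_modules/ws" || path.endsWith("/node_modules/ws")) {
        found.push({ path, version: pkg.version });
      }
    }
  } else {
    // lockfileVersion 1: nested "dependencies" objects.
    const walk = (deps, prefix) => {
      for (const [name, dep] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        if (name === "ws") found.push({ path, version: dep.version });
        walk(dep.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return found;
}

// Annotate each ws entry with whether it needs the upgrade.
function auditLock(lock) {
  return findWsEntries(lock).map((e) => ({ ...e, vulnerable: isVulnerable(e.version) }));
}

// Constructed sample lockfile (not a real project's file): a top-level ws at the
// version named in the report and a nested, already-fixed copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { ws: "^8.14.2" } },
    "node_modules/ws": { version: "8.14.2" },
    "node_modules/some-dep": { version: "1.0.0", dependencies: { ws: "^8.17.1" } },
    "node_modules/some-dep/node_modules/ws": { version: "8.17.1" },
  },
};

// Usage: node audit-ws.js [path/to/package-lock.json]; without a path, the
// constructed sample is audited.
if (typeof process !== "undefined" && process.argv[2]) {
  const lock = JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"));
  for (const e of auditLock(lock)) {
    console.log(`${e.path} ws@${e.version} ${e.vulnerable ? "VULNERABLE (upgrade to >=8.17.1)" : "ok"}`);
  }
} else {
  for (const e of auditLock(SAMPLE_LOCK)) {
    console.log(`${e.path} ws@${e.version} ${e.vulnerable ? "VULNERABLE (upgrade to >=8.17.1)" : "ok"}`);
  }
}
```

Because a lockfile can pin several copies of ws (one per dependency that nests its own), checking only the top-level package.json entry is not enough; the walk above reports each resolved path separately so that a fixed top-level copy does not hide a vulnerable nested one.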