SecBoard
Zurück zur CVE-Übersicht

CVE-2026-45736

MEDIUM(4.4)

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Risk Signal Score11/100 — NIEDRIG
  • CVSS 4.4 — Mittel

EPSS-Score

1%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.4

Technische Schwere

Beschreibung

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.

GitHub Advisories

GHSA-58qx-3vcg-4xpxMEDIUM

ws: Uninitialized memory disclosure

npm/ws8.20.1
GitHub Advisory

Referenzen