VYPR

npm package

uws

pkg:npm/uws

Vulnerabilities (1)

  • CVE-2016-10544MedMay 31, 2018
    affected >= 0.10.0, < 0.10.9fixed 0.10.9

    uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb paylo