VYPR

PyPI package

websockets

pkg:pypi/websockets

Vulnerabilities (2)

  • CVE-2021-33880, Jun 6, 2021
    affected < 9.1; fixed 9.1

    The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.

  • CVE-2018-1000518, High, Jun 26, 2018
    affected >= 4.0, < 5.0; fixed 5.0

    aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in servers and clients, unless configured with compression=None, that can result in Denial of Service by memory exhaustion. This attack appears to be ex