Skip to main content
Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
org.webjars.npm/ws 8.5.0 | Vulnerabilities | Sonatype Guide
Get full component data and automated fixes with Sonatype Guide.
Sign up for free
maven
org.webjars.npm
ws
8.5.0
ws 8.5.0
org.webjars.npm
Published
Apr 4, 2022
•
Policy
compliance
maven Registry
Developer Trust Score
Recommended Version:
x.y.z
Recommended upgrade that meets your policy.
Compare Versions
Overview
Overview
Versions
49
Versions
49
Vulnerabilities
2
Vulnerabilities
2
Dependencies
0
Dependencies
0
Severity
Critical
(0)
High
(2)
Medium
(0)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
8.7
CVE-2026-48779
ws - Uncontrolled Resource Consumption
affected
Severity
High
Published
May 23, 2026
8.7
CVE-2024-37890
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.
affected
Severity
High
Published
Jun 18, 2024
