
Websockets

websockets

Vendor: Websockets Project • 2 CVEs

CVEs (2)

Vendors (2): Oracle, Websockets Project
Products (5): Communications Cloud Native Core Policy, Communications Cloud Native Core Security Edge Protection Proxy, Communications Cloud Native Core Service Communication Proxy, +2 more
Updated: Nov 21, 2024
Published: Jun 6, 2021
CVSS: N/A (v4), 5.9 MEDIUM (v3), 2.6 LOW (v2)
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.

Vendors (1): Websockets Project
Products (1): Websockets
Updated: Nov 21, 2024
Published: Jun 26, 2018
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in servers and clients, unless configured with compression=None, that can result in denial of service by memory exhaustion. This attack appears to be exploitable by sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.