ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455" By sending an overly long websocket payload to a ws server, it is possible to crash the node process. External references: https://nodesecurity.io/advisories/120 Upstream bug: https://github.com/nodejs/node/issues/7388
Created nodejs-ws tracking bugs for this issue: Affects: fedora-all [bug 1351231] Affects: epel-all [bug 1351232]
Statement: This issue affects the versions of nodejs-ws as shipped with Red Hat OpenShift Enterprise 2. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
nodejs-ws-1.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
nodejs-ws-1.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
CVE assignment: https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc
nodejs-ws-1.1.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
nodejs-ws-1.1.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.