ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.
The product uses or accesses a resource that has not been initialized.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ws | Ws_project | 8.0.0 (including) | 8.20.1 (excluding) |
| Red Hat Ansible Automation Platform 2.6 | RedHat | ansible-automation-platform-26/gateway-rhel9:1782761510 | * |
| Red Hat Developer Hub 1.9 | RedHat | rhdh/rhdh-hub-rhel9:1782761244 | * |
| Red Hat Discovery 2 | RedHat | discovery/discovery-ui-rhel9:1782166952 | * |
| Red Hat Hardened Images | RedHat | dotnet10-0-main-10.0.109-1.hum1 | * |
| Red Hat Hardened Images | RedHat | dotnet8-0-main-8.0.128-1.hum1 | * |
| Red Hat Hardened Images | RedHat | dotnet9-0-main-9.0.118-1.hum1 | * |
| Red Hat Hardened Images | RedHat | yarnpkg-main-1.22.22-18.1.hum1 | * |
| Node-ws | Ubuntu | upstream | * |