GMS-2017-331: Denial of Service

November 8, 2017

A specially crafted value of the Sec-WebSocket-Extensions header that uses Object.prototype property names as extension or parameter names can be used to make a ws server crash.

References

github.com/websockets/ws/commit/c4fe46608acd61fbf7397eadc47378903f95b78a
github.com/websockets/ws/releases/tag/3.3.1

Code Behaviors & Features

Detect and mitigate GMS-2017-331 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →