CVE-2026-45736
Published
CVSS v3
4.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.
Simple to use, blazing fast and thoroughly tested WebSocket client and server for Node.js
GitHub