Filtered by vendor Websockets Project
Filtered by product Websockets
Total: 2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-33880 | 2 Oracle, Websockets Project | 5 Communications Cloud Native Core Policy, Communications Cloud Native Core Security Edge Protection Proxy, Communications Cloud Native Core Service Communication Proxy and 2 more | 2024-11-21 | 5.9 Medium |
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. | | | | |
CVE-2018-1000518 | 1 Websockets Project | 1 Websockets | 2024-11-21 | 7.5 High |
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in servers and clients, unless configured with compression=None, that can result in denial of service by memory exhaustion. This attack appears to be exploitable via sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5. | | | | |