PT-2018-4721 · Ws · Ws

Alchemystic · Published 2018-05-31 · Updated 2019-10-09 · CVE-2016-10542

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ws versions 1.1.0 and earlier

Description

The issue allows an attacker to crash the Node.js process by sending an overly long WebSocket payload to a ws server. Affected versions of ws do not appropriately limit the size of incoming WebSocket payloads, which results in a denial-of-service condition.

Recommendations

Update to version 1.1.1 or later. Alternatively, set the maxPayload option for the ws server to a value smaller than 256MB.
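
The kind of size limit the recommendation relies on, as an added example (not code from the ws project or from this advisory): a check that reads a WebSocket frame's declared payload length from its header and refuses to buffer anything over a cap. The names `checkFrameHeader` and `sampleHeader` and the 1 MiB cap are assumptions made for illustration, and the header bytes are constructed samples.

```javascript
// Added example: not code from the ws project. All names here are hypothetical.
const MAX_PAYLOAD = 1024 * 1024; // assumed 1 MiB cap, well under the advisory's 256MB
const CLOSE_TOO_BIG = 1009;      // RFC 6455 close code "Message Too Big"

// Decide from the frame header alone whether the declared payload may be buffered.
// Covers one frame; a fragmented message would also need a running total.
function checkFrameHeader(buf, maxPayload = MAX_PAYLOAD) {
  if (buf.length < 2) return { action: 'wait' };
  const masked = (buf[1] & 0x80) !== 0;
  let len = buf[1] & 0x7f; // 7-bit length, or 126/127 as extended-length markers
  let offset = 2;
  if (len === 126) {
    if (buf.length < 4) return { action: 'wait' };
    len = buf.readUInt16BE(2);
    offset = 4;
  } else if (len === 127) {
    if (buf.length < 10) return { action: 'wait' };
    const big = buf.readBigUInt64BE(2);
    // Compare as BigInt first: the value can exceed Number.MAX_SAFE_INTEGER.
    if (big > BigInt(maxPayload)) {
      return { action: 'close', code: CLOSE_TOO_BIG, declared: big.toString() };
    }
    len = Number(big);
    offset = 10;
  }
  if (len > maxPayload) {
    return { action: 'close', code: CLOSE_TOO_BIG, declared: String(len) };
  }
  return { action: 'accept', payloadLength: len, headerLength: offset + (masked ? 4 : 0) };
}

// Constructed sample: header bytes of a masked binary frame declaring `n` payload bytes.
function sampleHeader(n) {
  const b = Buffer.alloc(14);
  b[0] = 0x82; // FIN + binary opcode
  if (n < 126) { b[1] = 0x80 | n; return b.subarray(0, 6); }
  if (n <= 0xffff) { b[1] = 0x80 | 126; b.writeUInt16BE(n, 2); return b.subarray(0, 8); }
  b[1] = 0x80 | 127;
  b.writeBigUInt64BE(BigInt(n), 2);
  return b;
}

for (const n of [125, 65535, 300 * 1024 * 1024]) {
  console.log(n, checkFrameHeader(sampleHeader(n)));
}
```

The decision is made before any payload bytes are read, so an oversized declaration costs the server only the header.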

Fix

RCE

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2016-10542
GHSA-6663-C963-2GQG

Affected Products

Ws