Feross

**Name of the Vulnerable Software and Affected Versions** ws versions prior to 1.0.1 **Description** A vulnerability was found in the ping functionality of the ws module, allowing clients to allocate memory by sending a ping frame. The ping functionality responds with a pong frame and the previously given payload of the ping frame. Internally, ws transforms all data to be sent into a Buffer instance without checking the type of data, which leads to the vulnerability. This issue can cause a remote memory disclosure in certain circumstances, potentially disclosing sensitive information that still exists in memory after previous use. **Recommendations** Update to version 1.0.1 or greater. As a temporary workaround, consider restricting the use of the `client.ping()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** bittorrent-dht versions prior to 5.1.3 **Description** A security issue in bittorrent-dht allows an attacker to send a specific series of messages to a listening peer, causing it to reveal internal memory. This remote memory disclosure vulnerability is mitigated by two factors: modern kernels zeroing out new memory pages before allocation, and Node.js managing Buffers in a way that only previously allocated Buffer memory can be leaked. **Recommendations** Update to version 5.1.3 or later.