PT-2026-41307 · Websocket · Ws
Published
2026-05-15
·
Updated
2026-05-15
·
CVE-2026-45736
CVSS v3.1
4.4
Medium
| Vector | AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.
Fix
Use of Uninitialized Resource
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ws