CVE-2021-32640: Uncontrolled Resource Consumption

May 25, 2021 (updated November 7, 2023)

ws is an open source WebSocket client and server library for Node. In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers.

References

nvd.nist.gov/vuln/detail/CVE-2021-32640

Detect and mitigate CVE-2021-32640 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →