Description
A request with a number of headers exceeding the [server.maxHeadersCount][] threshold could be used to crash a ws server.
Recommendation
Update the ws package to the latest compatible version. Followings are version details:
Affected version(s): **>= 8.0.0, < 8.17.1 >= 7.0.0, < 7.5.10 >= 6.0.0, < 6.2.3 >= 2.1.0, < 5.2.4** Patched version(s): **8.17.1 7.5.10 6.2.3 5.2.4**
References
Related Issues
- Nuxt Icon affected by a Server-Side Request Forgery (SSRF) - CVE-2024-42352
- dectalk-tts Uses Unencrypted HTTP Request - CVE-2024-31206
- parse-server crashes when receiving file download request with invalid byte range - CVE-2022-39313
- Prometheus exporter process crash via malformed HTTP request - @opentelemetry/exporter-prometheus - CVE-2026-44902
You might also like:
- Tags:
- npm
- ws
Anything's wrong? Let us know Last updated on May 13, 2026