Websockets Project Websockets 4.0 for Python

CPE Details

Websockets Project Websockets 4.0 for Python
websockets_project
websockets
4.0
2022-02-09
13h50 +00:00
2022-02-09
13h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:websockets_project:websockets:4.0:*:*:*:*:python:*:*

Informations

Vendor

websockets_project

Product

websockets

Version

4.0

Target Software

python

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-33880 2021-06-06 12h05 +00:00 The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
5.9
Medium
CVE-2018-1000518 2018-06-26 14h00 +00:00 aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.
7.5
High