@fastify/websocket and fastify-websocket are vulnerable to denial of service. The vulnerability is due to the fastifyWebsocket function in index.js, which crashes the application on an uncaught exception when processing a malformed packet.
github.com/fastify/fastify-websocket/commit/7e8c41a51c101c3d5ce88caee4f71d9c29eb2863
github.com/fastify/fastify-websocket/commit/c24adeb3efd57a18b2f287c35d029e88b5a47194
github.com/fastify/fastify-websocket/pull/228
github.com/fastify/fastify-websocket/releases/tag/v5.0.1
github.com/fastify/fastify-websocket/releases/tag/v7.1.1
github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq