websocket-driver is vulnerable to Denial of Service (DoS)
63
Medium Risk
The HTTP header parser used during WebSocket handshakes previously limited individual line length but not total header volume. A peer can send a never-ending HTTP request or response header list over one connection. In TCP-based server or client integrations this can grow memory without bound until the process is exhausted. The fix caps total request line and header bytes at 32 KB.
You are affected if you are using a version that falls within the vulnerable range and either implement a WebSocket server on top of a TCP server using WebSocket::Driver.server(), or use the library to implement a WebSocket client.
websocket-driver is vulnerable to Denial of Service (DoS) in versions 0.0.1 - 0.8.0.
Upgrade the websocket-driver library to the patched version.
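The following Ruby sketch is an added example, not websocket-driver's own code: it shows a handshake header parser that enforces a total byte budget in addition to a per-line limit, with a switch that models the behaviour before the fix. The class name, method names and the 4096-byte line limit are assumptions; only the 32 KB total comes from the advisory.

```ruby
# Added illustration, not websocket-driver's source. Names are hypothetical.
class CappedHeaderParser
  MAX_LINE_BYTES  = 4096       # assumed per-line limit, value chosen for the example
  MAX_TOTAL_BYTES = 32 * 1024  # total cap described in the advisory
  class TooLarge < StandardError; end

  attr_reader :headers, :total_bytes

  def initialize(enforce_total: true)
    @enforce_total = enforce_total  # false models the pre-fix behaviour
    @line = String.new
    @headers = {}
    @total_bytes = 0
    @first_line_seen = false
    @complete = false
  end

  # Feed bytes as they arrive from the socket; true once the blank line is seen.
  def parse(chunk)
    chunk.each_byte do |byte|
      break if @complete
      if @enforce_total && @total_bytes >= MAX_TOTAL_BYTES
        raise TooLarge, "header block exceeds #{MAX_TOTAL_BYTES} bytes"
      end
      @total_bytes += 1
      next finish_line if byte == 0x0A
      @line << byte
      raise TooLarge, "header line too long" if @line.bytesize > MAX_LINE_BYTES
    end
    @complete
  end

  private

  def finish_line
    line, @line = @line.chomp("\r"), String.new
    return @first_line_seen = true unless @first_line_seen  # request/status line
    return @complete = true if line.empty?
    name, value = line.split(":", 2)
    @headers[name.strip.downcase] = value.strip if value
  end
end

# Constructed input: a handshake whose header list never ends.
def bytes_accepted(parser, header_lines)
  parser.parse("GET /chat HTTP/1.1\r\n")
  header_lines.times { |i| parser.parse("X-Pad-#{i}: #{'a' * 100}\r\n") }
  parser.total_bytes
rescue CappedHeaderParser::TooLarge
  parser.total_bytes
end
```

With the total cap enforced, the parser stops consuming at 32 KB and the caller can close the connection; with it disabled, every short line passes the per-line check and the stored state keeps growing for as long as the peer keeps sending.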