websocket-driver is vulnerable to Denial of Service (DoS)
89
High Risk
The Server driver, created via WebSocket::Driver.server(), parses the incoming HTTP Host header into server name and port using URI parsing while completing the request. A client can send a malformed Host header that is not a valid host[:port] value, which raises an uncaught URI::InvalidURIError. Before the fix this exception propagates out of the request parser and can crash the server process, causing a denial of service when the application does not itself rescue the error. The fix makes the request parser rescue URI::InvalidURIError and put the request into an error state so the connection is treated as invalid instead of raising.
You are affected if you are using a version that falls within the vulnerable range and are using the Server driver created via WebSocket::Driver.server().
websocket-driver is vulnerable to Denial of Service (DoS) in versions 0.0.1 - 0.8.1.
Upgrade the websocket-driver library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant