{"id":"PYSEC-2018-79","details":"aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in servers and clients, unless configured with compression=None, that can result in denial of service by memory exhaustion. This attack appears to be exploitable by sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in version 5.","aliases":["CVE-2018-1000518","GHSA-6g87-ff9q-v847"],"modified":"2023-11-01T04:48:37.349335Z","published":"2018-06-26T16:29:00Z","references":[{"type":"WEB","url":"https://github.com/aaugustin/websockets/pull/407"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-6g87-ff9q-v847"}],"affected":[{"package":{"name":"websockets","ecosystem":"PyPI","purl":"pkg:pypi/websockets"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0"}]}],"versions":["0.1","1.0","2.0","2.1","2.2","2.3","2.4","2.5","2.6","2.7","3.0","3.1","3.2","3.3","3.4","4.0","4.0.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/websockets/PYSEC-2018-79.yaml"}}],"schema_version":"1.7.3"}