Regular Expression Denial of Service in Deno.upgradeWebSocket API

Impact

What kind of vulnerability is it? Who is impacted?

A specially crafted "Connection"/"Upgrade" header could have been used to significantly slow down web socket servers which used "Deno.upgradeWebSocket()" API.

Patches

Has the problem been patched? What versions should users upgrade to?

It is recommended that users upgrade to Deno 1.31.0.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Regular Expression Denial of Service in Deno.upgradeWebSocket API

Package

Affected versions

Patched versions

Description

Impact

Patches

Severity

CVSS base metrics

CVE ID

Weaknesses

Credits