VDB

RHSA-2026%3A27171

RHSA-2026%3A27171 PUBLISHED CVSS 7.5 HIGH

A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Red Hatdotnet9-0-main@aarch64 as a component of Red Hat Hardened Images*
Red Hatdotnet9-0-main@src as a component of Red Hat Hardened Images*
Red Hatdotnet9-0-main@x86_64 as a component of Red Hat Hardened Images*

Timeline

  • Jun 19, 2026 CVE Published
  • Jun 19, 2026 CVE Updated
  • Jun 19, 2026 Distribution Patch
  • Jun 19, 2026 Distribution Patch
  • Jun 19, 2026 Security Advisory
  • Jun 19, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›