Tag

Erlang

1 brief RSS

Bandit WebSocket permessage-deflate unbounded inflate leads to DoS

Bandit versions 0.5.8 before 1.11.0 are vulnerable to denial of service when permessage-deflate is enabled, allowing an unauthenticated client to exhaust the BEAM's memory with a single, small, compressed WebSocket frame due to unbounded decompression.

bandit websocket denial-of-service erlang

3r 6t 37m ago