fastify/websocket vulnerable to uncaught exception via crash on malformed packet

### Impact

Any application using @fastify/websocket could crash if a specific, malformed packet is sent.

All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched.

### Patches

This has been patched in v7.1.1 (fastify v4) and v5.0.1 (fastify v3).

### Workarounds

No known workaround is available. However, it should be possible to attach the error handler manually.
The recommended path is upgrading to the patched versions.

### Credits

[marcolanaro](https://github.com/marcolanaro) for finding and patching this vulnerability

### For more information

If you have any questions or comments about this advisory:
* Open an issue in [@fastify/websocket](https://github.com/fastify/fastify-websocket)
* Email us at [hello@matteocollina.com](mailto:hello@matteocollina.com)