### Background Lighttpd is a lightweight high-performance web server. ### Description Lighttpd's mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket hands ...

Continue Reading

November 15, 2022

[![](https://blogger.googleusercontent.com/img/a/AVvXsEgLC9Dxt9yBdiz2pq3Q2c74VF0pe_SsZ-WUdP5Si9Z6hkSqbUZV4E8-7312uXYH-WXijdbNanQGafOyRVPBAFrgm7vNOLJMAHmk6CRNx_hcnEkCNrhU-Z1WyrIBQ93rgNn6UUFoxpj5yIt3CQc ...

Continue Reading

November 15, 2022

[![](https://blogger.googleusercontent.com/img/a/AVvXsEg4W8DUvoZAz5gpA-NmxLHaP3iAIo_Yu8Z0By3oagKW8eix8CL46E8GUexK7gfFah68qJrOr8w5CaF_KhYcgtGborKR3MEybAV5dl02pllRXmJjjJThJ2gn3RaSgcfDiyBgnbDAZ8YXUI9E5z_ ...

Continue Reading

November 15, 2022

### Impact Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not ...

Continue Reading

November 15, 2022

### Impact Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not ...

Continue Reading

November 15, 2022

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impa ...

Continue Reading

November 15, 2022

@fastify/websocket and fastify-websocket are vulnerable to denial of service. The vulnerability is due to the `fastifyWebsocket` function in `index.js` which crashes the application on an uncaught exc ...

Continue Reading

November 15, 2022

WAFs were a top-notch security instrument a decade ago, but now they are not. They fail to protect APIs. Meanwhile, the number of API-specific vulnerabilities grew more than twofold in 2022. According ...

Continue Reading

October 17, 2022