ws affected by a DoS when handling a request with many HTTP headers #45108

Open
pranshuchittora opened this issue Jun 21, 2024 · 3 comments
Labels
Help Wanted :octocat: Issues ideal for external contributors. 🌐Networking Related to a networking API.

Comments

@pranshuchittora

Description

ws affected by a DoS when handling a request with many HTTP headers
GHSA-3h5v-q93c-6h6q

Solution

Bump WS
https://github.com/facebook/react-native/blob/main/packages/react-native/package.json#L147

Steps to reproduce

NA

React Native Version

Affected Platforms

Other (please specify)

Output of npx react-native info

NA

Stacktrace or Logs

NA

Reproducer

NA

Screenshots and Videos

No response

⚠️ Add or Reformat Version Info
ℹ️ We could not find or parse the version number of React Native in your issue report. Please use the template, and report your version including major, minor, and patch numbers - e.g. 0.70.2

@github-actions github-actions bot added Needs: Author Feedback 🌐Networking Related to a networking API. Needs: Repro This issue could be improved with a clear list of steps to reproduce the issue. and removed Needs: Triage 🔍 labels Jun 21, 2024

⚠️ Missing Reproducible Example
ℹ️ We could not detect a reproducible example in your issue report. Please provide either:
  • If your bug is UI related: a Snack
  • If your bug is build/update related: use our Reproducer Template. A reproducer needs to be in a GitHub repository under your username.

@cortinico
Contributor

Bump WS main/packages/react-native/package.json#L147

The dependency is already using the caret:

So you will be pulling in a patched version of ws when you yarn/npm install.

Anyway, if you wish to bump the base package version, feel free to send a PR.

@cortinico cortinico added Help Wanted :octocat: Issues ideal for external contributors. and removed Needs: Author Feedback Needs: Repro This issue could be improved with a clear list of steps to reproduce the issue. Needs: Version Info labels Jun 22, 2024

2 participants