CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-33880
https://notcve.org/view.php?id=CVE-2021-33880
06 Jun 2021 — The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. La biblioteca aaugustin websockets versiones anteriores a 9.1, para Python presenta una Discrepancia de Sincronización Observable en servidores cuando la Autenticación Básica HTTP está habilitada con basic_auth_protocol_factory(credentials=...). Un at... • https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000518
https://notcve.org/view.php?id=CVE-2018-1000518
26 Jun 2018 — aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5. aaugustin websockets 4 contiene una vulnerabilidad CWE-409: gestión incorrecta de datos altamente comp... • https://github.com/aaugustin/websockets/pull/407 • CWE-400: Uncontrolled Resource Consumption •