Vulnerability in chatbox project

While working in chatbox project, I found that the application uses undici, which is affected by a denial-of-service vulnerability (CVE-2026-1526). The issue occurs in the WebSocket client’s PerMessageDeflate.decompress() method, which decompresses incoming frames without limiting the size of the decompressed data. 

[CVE Link](https://vulert.com/vuln-db/CVE-2026-1526)
[CVE Report](https://vulert.com/vuln-scan/list/ee6b9e94-e75e-4d47-993f-bf9d8765ded7?sort_order=desc&sort_by=created_at)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Vulnerability in chatbox project #3593

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Vulnerability in chatbox project #3593

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions