NATS server’s WebSocket handler contains a pre-authentication memory exhaustion vulnerability that can be triggered by a crafted compressed frame — a “compression bomb” — allowing an unauthenticated attacker to force excessive memory allocation and potentially crash the server; the issue is...
