{"data":{"id":"d00fa48e-7f5e-474e-8e66-79dc4d59989b","title":"GHSA-3jr7-6hqp-x679: Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service","summary":"Mesop, a web framework, has a vulnerability in its WebSocket (a protocol for real-time two-way communication between client and server) handler where it creates a new operating system thread for every incoming message without any limits. An attacker can send thousands of messages rapidly, exhausting the server's thread capacity and causing an Out of Memory error that crashes the application for all users.","solution":"The source text recommends four mitigation strategies: (1) Use a bounded thread pool (such as ThreadPoolExecutor with max_workers), (2) Introduce per-connection rate limiting, (3) Implement a message queue with backpressure (preventing queue overflow by slowing down senders), or (4) Consider migrating to an async event loop model instead of spawning OS threads. No specific patch version or code fix is provided.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-3jr7-6hqp-x679","publishedAt":"2026-04-03T21:54:36.000Z","cveId":"CVE-2026-34824","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["mesop@>= 1.2.3, < 1.2.5 (fixed: 1.2.5)"],"affectedVendors":[],"affectedVendorsRaw":["Mesop"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-03T21:54:36.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}