[Security] Unbounded WebSocket message size allows memory exhaustion DoS

## Summary
No maximum payload size configured on WebSocket servers, allowing memory exhaustion attacks.

## Affected Code
- `server-services/start-services.js` Line 173
- `server-game/start-game.js` Line 47

## Vulnerability
The `ws` library by default has no hard cap. Single huge messages can OOM the process.

## Impact
- Crash services or game servers
- Exhaust memory with single connection

## Recommended Fix
Set `maxPayload: 1048576` (1 MB) on WebSocketServer instantiation.

## References
- PR: https://github.com/onlypuppy7/LegacyShell/pull/43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] Unbounded WebSocket message size allows memory exhaustion DoS #46

Summary

Affected Code

Vulnerability

Impact

Recommended Fix

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

[Security] Unbounded WebSocket message size allows memory exhaustion DoS #46

Description

Summary

Affected Code

Vulnerability

Impact

Recommended Fix

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions