Skip to main content

Socket Io Parser

2 CVEs product

Monthly

CVE-2023-32695 npm HIGH PATCH This Week

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Socket Io Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2421 npm CRITICAL PATCH Act Now

Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Socket Io Parser
NVD
CVSS 3.1
9.8
EPSS
1.1%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Socket Io Parser
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Socket Io Parser
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy