Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-85553
HistoryNov 24, 2022 - 12:00 a.m.

Socketio Engine.IO Denial of Service Vulnerability

2022-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
15
denial of service
socketio
engine.io
version 3.6.1
version 4.0.0
version 6.2.1
error messages
attackers

EPSS

0.001

Percentile

40.8%

Engine.IO is a transport-based implementation of Socket.IO’s cross-browser/cross-device bi-directional communication layer.A denial-of-service vulnerability exists in versions of Socketio Engine.IO prior to 3.6.1, 4.0.0 and later, and prior to 6.2.1, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to launch denial-of-service attacks.

EPSS

0.001

Percentile

40.8%