Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsAnonymousNODEJS:1763
HistoryJun 30, 2021 - 4:56 p.m.

Resource exhaustion in socket.io-parser

2021-06-3016:56:54
Anonymous
www.npmjs.com
243

0.002 Low

EPSS

Percentile

64.5%

JSON

Overview

The socket.io-parser npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

Recommendation

Upgrade to versions 3.3.2, 3.4.1 or later

References

CPENameOperatorVersion
socket.io-parserlt3.3.2 || =3.4.0

Related

nvd 1
cve 1
veracode 1
osv 2
ubuntucve 1
redhatcve 1
prion 1
cvelist 1
debiancve 1
github 1
ibm 1
nvd
nvd
CVE-2020-36049
2021-01-08 00:15:11
cve
cve
CVE-2020-36049
2021-01-08 00:15:11
veracode
veracode
Denial Of Service (DoS)
2021-01-08 06:29:00
osv
osv
CVE-2020-36049
2021-01-08 00:15:11
Resource exhaustion in socket.io-parser
2021-06-30 16:51:31
ubuntucve
ubuntucve
CVE-2020-36049
2021-01-08 00:00:00
redhatcve
redhatcve
CVE-2020-36049
2021-01-20 11:21:01
prion
prion
Design/Logic Flaw
2021-01-08 00:15:00
cvelist
cvelist
CVE-2020-36049
2021-01-07 23:24:23
debiancve
debiancve
CVE-2020-36049
2021-01-08 00:15:11
github
github
Resource exhaustion in socket.io-parser
2021-06-30 16:51:31
ibm
ibm
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
2023-01-19 13:54:16

0.002 Low

EPSS

Percentile

64.5%

JSON
Related for NODEJS:1763
nvd1cve1veracode1osv2ubuntucve1redhatcve1prion1cvelist1debiancve1github1ibm1