The socket.io-parser npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
Upgrade to version 3.3.2, 3.4.1, or later.
CPE

Name | Operator | Version |
---|---|---|
socket.io-parser | lt | 3.3.2 \|\| =3.4.0 |
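
To check a project against the affected range above (below 3.3.2, or exactly 3.4.0), this added example, which is not part of the original advisory, scans a parsed `package-lock.json` for `socket.io-parser` entries, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration, and pre-release suffixes are ignored.

```javascript
// Added example: audit a parsed package-lock.json for affected socket.io-parser.
// Affected range per the advisory: below 3.3.2, or exactly 3.4.0.
const PKG = "socket.io-parser";
// Assumption: plain x.y.z versions; any pre-release suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}
function isAffected(version) {
  const v = parseVersion(version);
  return compare(v, [3, 3, 2]) < 0 || compare(v, [3, 4, 0]) === 0;
}

function findAffected(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (meta.version && isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith(`node_modules/${PKG}`)) check(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === PKG) check([...trail, name].join(" > "), meta);
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/socket.io-parser": { version: "3.4.1" },
    "node_modules/socket.io-client/node_modules/socket.io-parser": { version: "3.3.0" },
    "node_modules/old-dep/node_modules/socket.io-parser": { version: "3.4.0" },
  },
};
console.log(findAffected(sampleLock));
```

A nested hit means the top-level upgrade alone is not enough; the parent dependency that pins the old copy also has to be updated or overridden.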