58 matches found
Socketio Engine.IO Denial of Service Vulnerability
Engine.IO is a transport-based implementation of Socket.IO's cross-browser/cross-device bi-directional communication layer. A denial-of-service vulnerability exists in versions of Socketio Engine.IO prior to 3.6.1, 4.0.0 and later, and prior to 6.2.1, which stems from a failure to properly handle...
CVE-2022-41940
A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service...
CVE-2022-41940
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
Cross site scripting
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
CVE-2022-41940
CVE-2022-41940 affects Engine.IO, the transport layer used by Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, causing the Node.js process to crash and resulting in a denial of service. Affected are Engine.IO versions prior to patches released...
CVE-2022-41940 Uncaught exception in engine.io
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
CVE-2022-41940 Uncaught exception in engine.io
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
10cartsharing (>=1.0.0 <=1.0.3), 1api (>=0.0.1 <=0.0.2) +7082 more potentially affected by CVE-2022-41940 via engine.io (>=0.1.0 <=3.5.0)
engine.io NPM version =0.1.0, =1.0.0, =0.0.1, =0.1.0, =1.0.2, =1.0.0-RC.1, =0.1.0, =1.0.0, =4.11.25, =0.1.4, =0.0.15, =0.0.16 and more Source cves: CVE-2022-41940 Source advisory: OSV:GHSA-R7QP-CFHV-P84W...
GHSA-R7QP-CFHV-P84W Uncaught exception in engine.io
Impact: A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. events.js:292 throw er; // Unhandled 'error' event ^ Error: read ECONNRESET at TCP.onStreamRead (internal/stream_base_commons.js:209:20) Emitted 'error' event on Socket...
Security Bulletin: IBM Cloud Pak for Security is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2022-21721 DESCRIPTION: Next.js is vulnerable to a denial of service, caused by a...
Resource exhaustion in engine.io
Engine.IO before 4.0.0 and 3.6.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport...
GHSA-J4F2-536G-R55M Resource exhaustion in engine.io
Engine.IO before 4.0.0 and 3.6.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport...
0.edsql (>=1.0.49 <=1.0.50), @codious/core (>=1.2.15 <=1.2.18) +99 more potentially affected by CVE-2022-21676 via engine.io (>=5.0.0 <=5.1.1)
engine.io NPM version =5.0.0, =1.0.49, =1.2.15, =0.5.3, =0.6.3, =0.6.3, =0.6.3, =0.6.3, =0.6.5, =0.6.4, =0.6.3, =0.6.3, =8.0.0, =2.0.0, =0.5.1-feat-1122.01a4d64d.130, =0.5.1-feat-1122.01a4d64d.130, =1.0.0-rc.3 and more Source cves: CVE-2022-21676 Source advisory: OSV:GHSA-273R-MGR4-V34F...
@ahora/socket.io (=3.0.3), @azteam/express (>=1.2.33 <=1.2.142) +22 more potentially affected by CVE-2022-21676 via engine.io (>=4.0.6 <=4.1.1)
engine.io NPM version =4.0.6, =1.2.33, =1.12.0, =3.0.0, =2.0.0-beta.6, =2.3.0-beta.20, =1.1.3, =2.2.26-3, =2.0.0, =0.9.301, =1.0.0, =0.4.0, =0.4.3 and more Source cves: CVE-2022-21676 Source advisory: OSV:GHSA-273R-MGR4-V34F...
Uncaught Exception in engine.io
Impact: A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear at Receiver.getInfo (/.../node_modules/ws/lib/receiver.js:176:14) at Receiver.startLoop...
Denial Of Service (DoS)
engine.io is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause denial of service conditions by ending the Node.js process using a specially crafted HTTP request to trigger an uncaught exception in the onWebSocket function...
Cross site scripting
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
CVE-2022-21676 Uncaught Exception in engine.io
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
CVE-2022-21676
CVE-2022-21676 affects Engine.IO (used by Socket.IO) and can trigger an uncaught exception on the Engine.IO server via a specially crafted HTTP request, crashing the Node.js process. Impact starts with engine.io version 4.0.0; versions prior to 4.0.0 are not affected. Patches are released per majo...
CVE-2022-21676 Uncaught Exception in engine.io
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...