
58 matches found

CNNVD
added 2022/01/12 12:0 a.m. | 2 views

Engine.Io Code Issue Vulnerability

Engine.Io is a transport-based implementation of the cross-browser/cross-device bi-directional communication layer of Socket. A code issue vulnerability exists in Engine.IO that stems from the product's failure to effectively handle exceptions raised by special HTTP requests. An attacker could us...

CVSS 7.5 | AI score 7.6 | EPSS 0.0276
Exploits 0 | References 9

vulnersOsv
added 2021/12/08 8:32 a.m. | 2 views

@superdev-official/buffet-angular (=1.0.11), apps-b-builder (>=0.1.0 <=0.4.3) +9 more potentially affected by CVE-2022-25760 via accesslog (=0.0.2)

accesslog NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on accesslog and may be impacted: - @superdev-official/buffet-angular =1.0.11 - apps-b-builder =0.1.0, =0.6.0, =3.1.0, =0.1.0, =2.0.0, =0.4.0, =0.1.0, =0.4.1, =0.5.0 Source cves:...

CVSS 10 | AI score 7.2 | EPSS 0.01614
Exploits 1

RedhatCVE
added 2021/01/20 11:21 a.m. | 37 views

CVE-2020-36048

An uncontrolled resource consumption vulnerability was found in engine.io. If an attacker crafts a packet with a very large payload length or crafts many small packets, this can cause the engine.io to consume an ever increasing amount of memory and/or CPU, resulting in a denial of service. The...

CVSS 7.5 | AI score 2.7 | EPSS 0.03327
Exploits 1 | References 4

OSV
added 2021/01/08 12:15 a.m. | 12 views

CVE-2020-36048

Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...

CVSS 7.5 | AI score 7
Exploits 0 | References 3

NVD
added 2021/01/08 12:15 a.m. | 10 views

CVE-2020-36048

Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...

CVSS 7.5 | AI score 7.3 | EPSS 0.03327
Exploits 1 | References 3

OSV
added 2021/01/08 12:15 a.m. | 4 views

AZL-44673 CVE-2020-36048 affecting package js-jquery 3.5.0-4

Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...

CVSS 7.5 | AI score 7.2 | EPSS 0.03327
Exploits 1 | References 1

Prion
added 2021/01/08 12:15 a.m. | 8 views

Design/Logic Flaw

Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...

CVSS 5 | AI score 7.2 | EPSS 0.03327
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2021/01/07 11:24 p.m. | 14 views

CVE-2020-36048

Engine.IO before 4.0.0 allows attackers to cause a denial of service resource consumption via a POST request to the long polling transport...

AI score 7.3 | EPSS 0.03327
Exploits 1 | References 3

CVE
added 2021/01/07 11:24 p.m. | 99 views

CVE-2020-36048

Engine.IO before 4.0.0 is vulnerable to denial of service via a malformed POST to the long-polling transport. Root cause: improper input validation leading to resource consumption. Impact: DoS with potential high CPU/memory usage. Affected products/versions include Engine.IO prior to 4.0.0. Remed...

CVSS 7.5 | AI score 7.2 | EPSS 0.03327
Exploits 1 | References 3 | Affected Software 1

OSV
added 2019/07/30 8:47 p.m. | 18 views

GHSA-J3JP-GVR5-7HWQ python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability. Impact: This is a Cross-Site Request Forgery (CSRF) vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches: python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...

CVSS 8.8 | AI score 8.8 | EPSS 0.00832
Exploits 0 | References 6

Github Security Blog
added 2019/07/30 8:47 p.m. | 41 views

python-engineio vulnerable to Cross-Site Request Forgery (CSRF)

WebSocket cross-origin vulnerability. Impact: This is a Cross-Site Request Forgery (CSRF) vulnerability. It affects Socket.IO and Engine.IO web servers that authenticate clients using cookies. Patches: python-engineio version 3.9.0 patches this vulnerability by adding server-side Origin header checks...

CVSS 8.8 | AI score 2.1 | EPSS 0.00832
Exploits 0 | References 5 | Affected Software 1

OSV
added 2019/02/18 11:39 p.m. | 2 views

GHSA-4R4M-HJWJ-43P8 Insecure Defaults Allow MITM Over TLS in engine.io-client

Affected versions of engine.io-client do not verify certificates by default, and as such may be vulnerable to Man-in-the-Middle attacks. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates to false, such as undefine...

CVSS 5.9 | AI score 6.2 | EPSS 0.01013
Exploits 0 | References 5

Github Security Blog
added 2019/02/18 11:39 p.m. | 31 views

Insecure Defaults Allow MITM Over TLS in engine.io-client

Affected versions of engine.io-client do not verify certificates by default, and as such may be vulnerable to Man-in-the-Middle attacks. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates to false, such as undefine...

CVSS 5.9 | AI score 3.8 | EPSS 0.01013
Exploits 0 | References 5 | Affected Software 1

OSV
added 2018/05/31 8:29 p.m. | 16 views

CVE-2016-10536

engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates ...

CVSS 5.9 | AI score 5.9
Exploits 0 | References 3

NVD
added 2018/05/31 8:29 p.m. | 15 views

CVE-2016-10536

engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates ...

CVSS 5.9 | AI score 5.7 | EPSS 0.01013
Exploits 0 | References 3

Prion
added 2018/05/31 8:29 p.m. | 13 views

Cross site scripting

engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates ...

CVSS 4.3 | AI score 7 | EPSS 0.01013
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2018/05/31 8:0 p.m. | 19 views

CVE-2016-10536

engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the rejectUnauthorized setting. If the value is something that evaluates ...

AI score 5.6 | EPSS 0.01013
Exploits 0 | References 3

CVE
added 2018/05/31 8:0 p.m. | 62 views

CVE-2016-10536

The CVE-2016-10536 issue affects engine.io-client (Socket.IO) prior to 1.6.9, where the client passes a settings object containing rejectUnauthorized; if not explicitly set, it can be passed as null, disabling certificate verification and exposing users to Man-in-the-Middle attacks. This behavior...

CVSS 5.9 | AI score 5.6 | EPSS 0.01013
Exploits 0 | References 3 | Affected Software 1