190 matches found
CVE-2022-2421
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object...
Input validation
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object...
Socket.IO SQL injection vulnerability
Socket.IO is a JavaScript library for real-time web applications from Socket.IO. A security vulnerability exists in Socket.IO that stems from incorrect type validation during attachment parsing in the Socket.io js library...
CVE-2022-2421 Socket.io - Improper type validation in attachment parsing
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object...
CVE-2022-2421
CVE-2022-2421: The vulnerability arises from improper type validation in the Socket.io attachment parsing, allowing overwriting of the _placeholder object and potentially placing function references in the resulting query object. In IBM App Connect Enterprise Certified Container, this could enab...
CVE-2022-2421 Socket.io - Improper type validation in attachment parsing
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object...
MAL-2022-6199 Malicious code in socket.ioo-cient (npm)
Source: ghsa-malware 07f01ed54db7c593f762bbcdbd2efed41f85c33c880ea63476c04a699db7c23b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in socket.oi (npm)
Source: ghsa-malware 5e80f55e61d9e2e8892954a725c597094a2ac1d7214d7d4a81f9910ce20caea4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Socket.IO-client Java before 2.0.1 vulnerable to NULL Pointer Dereference
The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with invalid payload format...
Null pointer dereference
The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with invalid payload format...
CVE-2022-25867
CVE-2022-25867 affects io.socket:socket.io-client (Java) pre-2.0.1. A NULL pointer dereference when parsing a packet with an invalid payload format can lead to denial of service. NVD lists a base score of 7.5 HIGH (NETWORK, low complexity, no user interaction). Public details confirm the issue in...
PT-2022-17577 · Unknown · Io.Socket:Socket.Io-Client
Name of the Vulnerable Software and Affected Versions: io.socket:socket.io-client versions prior to 2.0.1. Description: The issue is related to a NULL Pointer Dereference that occurs when parsing a packet with an invalid payload format. This can happen in the io.socket:socket.io-client package...
CVE-2022-21676
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
Cross site scripting
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
CVE-2022-21676
CVE-2022-21676 affects Engine.IO (used by Socket.IO) and can trigger an uncaught exception on the Engine.IO server via a specially crafted HTTP request, crashing the Node.js process. Impact starts with engine.io version 4.0.0; versions prior to 4.0.0 are not affected. Patches are released per majo...
CVE-2022-21676 Uncaught Exception in engine.io
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
Resource exhaustion in socket.io-parser
Overview: The socket.io-parser npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. Recommendation: Upgrade to versions 3.3.2, 3.4.1 or later. References: CVE, GitHub Advisory...
GHSA-XFHH-G9F5-X4M4 Resource exhaustion in socket.io-parser
The socket.io-parser npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used...
Resource exhaustion in socket.io-parser
The socket.io-parser npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used...
Duplicate Advisory: "Arbitrary code execution in socket.io-file"
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6495-8jvh-f28x. This link is maintained to preserve external references. Original Description: "The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows...