190 matches found
Duplicate Advisory: "Arbitrary code execution in socket.io-file"
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6495-8jvh-f28x. This link is maintained to preserve external references. Original Description "The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows...
Security Bulletin: Multiple vulnerabilities in socket.io and Cryptography affect IBM Spectrum LSF Simulator and IBM Spectrum LSF Predictor
Summary There are multiple vulnerabilities in socket.io and Cryptography used by IBM Spectrum LSF Simulator and IBM Spectrum LSF Predictor. IBM Spectrum LSF Simulator and IBM Spectrum LSF Predictor have addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in...
Insecure Default Configuration
Overview Affected versions of socket.io are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default. Recommendation Update to version 2.4.0 or later. References - GitHub Advisory - Snyk Advisory...
Cross-site Request Forgery (CSRF)
socket.io is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability exists because of WebSocket Hijacking, allowing an attacker to bypass origin protection using special symbols that include "" and "$"...
10cartsharing (>=1.0.0 <=1.0.3), 1api (>=0.0.1 <=0.0.2) +7992 more potentially affected by CVE-2020-28481 via socket.io (>=0.5.3 <=2.3.0)
socket.io NPM version =0.5.3, =1.0.0, =0.0.1, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =1.0.0, =4.11.25, =0.1.4, =0.0.15, =0.0.16 and more Source cves: CVE-2020-28481 Source advisory: OSV:GHSA-FXWF-4RQH-V8G3...
GHSA-FXWF-4RQH-V8G3 CORS misconfiguration in socket.io
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default...
CORS misconfiguration in socket.io
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default...
CVE-2020-36049
An uncontrolled resource consumption vulnerability was found in socket.io-parser. If an attacker crafts a packet with a very large payload length, this can cause the parser to consume an ever-increasing amount of memory, resulting in a denial of service. The highest threat from this vulnerability...
Insecure Cross-Origin Resource Sharing Configuration
socket.io uses an insecure cross-origin resource sharing configuration. All domains are whitelisted by default, which allows cross-origin resource sharing and leads to information disclosure...
CVE-2020-28481
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default...
AZL-44430 CVE-2020-28481 affecting package js-jquery 3.5.0-4
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default...
Default credentials
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default...
CVE-2020-28481 Insecure Defaults
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default...
Denial Of Service (DoS)
socket.io-parser is vulnerable to denial of service. The vulnerability exists due to the building up of ConsOneByteString objects caused by a concatenation approach when maxHttpBufferSize is set to a large size...
CVE-2020-36049
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used...
DEBIAN-CVE-2020-36049
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used...
Design/Logic Flaw
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used...