6 matches found
Resource exhaustion in socket.io-parser
Overview The socket.io-parser npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used. Recommendation Upgrade to versions 3.3.2, 3.4.1 or later References - CVE - GitHub Advisory...
CVE-2020-36049
socket.io-parser before 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...
AZL-45030 CVE-2020-36049 affecting package js-jquery 3.5.0-4
socket.io-parser before 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...
CVE-2020-36049
socket.io-parser before 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...
CVE-2020-36049
socket.io-parser before 3.4.1 allows attackers to cause a denial of service memory consumption via a large packet because a concatenation approach is used...
CVE-2020-36049
CVE-2020-36049 affects socket.io-parser; before version 3.4.1 it allows memory exhaustion/DoS via a large packet due to the library’s concatenation approach. Affected component is socket.io-parser (used with socket.io). The issue results in elevated memory usage and potential denial of service un...