7 matches found
engine.io: Specially crafted HTTP request can trigger an uncaught exception
A flaw was found in engine.io. The Socket.IO Engine.IO is vulnerable to a denial of service caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote, authenticated attacker can cause the Node.js process to crash, resulting in a denial of service...
Engine.IO security vulnerability
Engine.IO is an open source implementation of a transport-based cross-browser/cross-device bi-directional communication layer. A security vulnerability exists in Engine.IO versions 5.1.0 through 6.4.1, which stems from a specially crafted HTTP request that can trigger an uncaught exception...
4cs-cli (>=0.0.28 <=0.0.36), @3kles/3kles-socketio (>=1.0.0 <=1.0.5) +497 more potentially affected by CVE-2023-31125 via engine.io (>=5.1.1 <=6.3.1)
engine.io NPM version =5.1.1, =0.0.28, =1.0.0, =5.1.0, =0.0.0, =0.0.1-2.1-beta-provision, =2.2.6, =2.3.10, =2.2.6, =2.1.15, =2.8.10, =2.7.0, =2.7.0, =2.5.1, =2.7.0, =2.9.36 and more Source cves: CVE-2023-31125 Source advisory: OSV:GHSA-Q9MW-68C2-J6M5...
AZL-44820 CVE-2022-41940 affecting package js-jquery 3.5.0-4
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
Engine.IO security vulnerability
Engine.IO is a transport-based implementation of Socket.IO's cross-browser/cross-device bi-directional communication layer. A denial-of-service vulnerability exists in Socket.IO Engine.IO versions prior to 3.6.1, and in versions 4.0.0 and later prior to 6.2.1, which stems from a failure to properly handle...
0.edsql (>=1.0.49 <=1.0.50), 10secondsofcode-custom (=1.0.0) +1530 more potentially affected by CVE-2022-41940 via engine.io (>=4.0.6 <=6.1.3)
engine.io NPM version =4.0.6, =1.0.49, =1.0.0, =0.0.28, =1.0.1, =0.8.2, =1.0.0, =0.1.13, =0.0.4, =1.2.1, =1.0.1, =1.0.2 - @aaronconway7/create-gatsby-app =1.0.0 - @accio-cms/gatsby-starter-accio =0.0.1 - @achilleskal/awesome-blog =1.0.0 and more Source cves: CVE-2022-41940 Source advisory:...
@3kles/3kles-socketio (>=1.0.0 <=1.0.5), @livejack/broker (=1.3.4) +22 more potentially affected by CVE-2022-21676 via engine.io (=6.0.1)
engine.io NPM version =6.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on engine.io and may be impacted: - @3kles/3kles-socketio =1.0.0, =0.1.0, =8.1.2, =1.4.0, =0.4.11, =0.4.0, =0.4.0, =0.4.10, =0.4.11, =0.4.5, =5.0.0, =1.0.0-alpha.1, =1.0.0-alpha....