7 matches found
EUVD-2022-1064
Malicious code in bioql PyPI...
EUVD-2023-1610
Malicious code in bioql PyPI...
EUVD-2022-7419
Malicious code in bioql PyPI...
CVE-2023-31125 Uncaught exception in engine.io
Engine.IO is the implementation of the transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...
0.edsql (>=1.0.49 <=1.0.50), @codious/core (>=1.2.15 <=1.2.18) +99 more potentially affected by CVE-2022-21676 via engine.io (>=5.0.0 <=5.1.1)
engine.io NPM version =5.0.0, =1.0.49, =1.2.15, =0.5.3, =0.6.3, =0.6.3, =0.6.3, =0.6.3, =0.6.5, =0.6.4, =0.6.3, =0.6.3, =8.0.0, =2.0.0, =0.5.1-feat-1122.01a4d64d.130, =0.5.1-feat-1122.01a4d64d.130, =1.0.0-rc.3 and more. Source CVEs: CVE-2022-21676. Source advisory: OSV:GHSA-273R-MGR4-V34F...
@ahora/socket.io (=3.0.3), @azteam/express (>=1.2.33 <=1.2.142) +22 more potentially affected by CVE-2022-21676 via engine.io (>=4.0.6 <=4.1.1)
engine.io NPM version =4.0.6, =1.2.33, =1.12.0, =3.0.0, =2.0.0-beta.6, =2.3.0-beta.20, =1.1.3, =2.2.26-3, =2.0.0, =0.9.301, =1.0.0, =0.4.0, =0.4.3 and more. Source CVEs: CVE-2022-21676. Source advisory: OSV:GHSA-273R-MGR4-V34F...
Denial Of Service (DoS)
engine.io is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause denial of service conditions by ending the Node.js process using a specially crafted HTTP request to trigger an uncaught exception in the onWebSocket function...