5 matches found
CVE-2017-16031
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...
CVE-2017-16031
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...
Information disclosure
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...
CVE-2017-16031
Socket.io (pre-0.9.7) uses Math.random() to generate socket IDs, making them predictable. The vulnerability allows an attacker to guess a valid socket ID and gain unauthorized access to socket.io servers, potentially exposing sensitive information. The advisory editions in the connected documents...
CVE-2017-16031
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtainin...