2 matches found
CVE-2020-24807
The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...
@best/agent-hub (>=7.0.1 <=16.1.0), best (>=7.0.1 <=16.1.0) potentially affected by CVE-2020-15779 via socket.io-file (=2.0.31)
socket.io-file NPM version =2.0.31 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-file and may be impacted: - @best/agent-hub =7.0.1, =7.0.1, =16.1.0 Source CVEs: CVE-2020-15779 Source advisory: OSV:GHSA-9H4G-27M8-QJRG...