3 matches found
socket.io allows an unbounded number of binary attachments
Impact: A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches: | Version range | Used by | Fixed version |...
PT-2022-16539
Name of the Vulnerable Software and Affected Versions: Socket.io versions prior to 4.5.2; Socket.io-client versions prior to 4.5.0; Socket.io-parser versions prior to 4.2.1; Socket.io-parser versions prior to 4.0.5; Socket.io-parser versions prior to 3.4.2; Socket.io-parser versions prior to 3.3.3...
NodeBB Elevation of Privilege Vulnerability
NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in the authentication logic in NodeBB versions 1.12.2 and later, fixed in version 1.14.3. An attacker can exploit th...