Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

21 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.12 views

EUVD-2020-0547

Malware in sbrugna...

7.5CVSS7.6AI score0.01581EPSS
Exploits1References6
OSV
OSVadded 2021/05/10 6:38 p.m.6 views

GHSA-R2GR-FHMR-66C5 Duplicate Advisory: "Arbitrary code execution in socket.io-file"

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6495-8jvh-f28x. This link is maintained to preserve external references. Original Description "The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows...

7.8CVSS6.2AI score0.02009EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2021/05/10 6:38 p.m.45 views

Duplicate Advisory: "Arbitrary code execution in socket.io-file"

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6495-8jvh-f28x. This link is maintained to preserve external references. Original Description "The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows...

7.8CVSS7.9AI score0.02009EPSS
Exploits0References6Affected Software1
NVD
NVDadded 2020/10/06 6:15 p.m.10 views

CVE-2020-24807

The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...

7.8CVSS0.02009EPSS
Exploits0References4
Prion
Prionadded 2020/10/06 6:15 p.m.13 views

Input validation

The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...

6.8CVSS8AI score0.02009EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2020/10/06 5:10 p.m.17 views

CVE-2020-24807

The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...

8AI score0.02009EPSS
Exploits0References4
CVE
CVEadded 2020/10/06 5:10 p.m.66 views

CVE-2020-24807

The CVE-2020-24807 issue affects the Node.js package socket.io-file up to version 2.0.31. The vulnerability stems from relying on client-side validation of file types, enabling an attacker to upload an executable file by modifying the name field in JSON, potentially leading to arbitrary code exec...

7.8CVSS7.9AI score0.02009EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsvadded 2020/10/02 3:39 p.m.1 views

@best/agent-hub (>=7.0.1 <=17.0.0), best (>=7.0.1 <=17.0.0) potentially affected by CVE-2020-24807 via socket.io-file (=2.0.31)

socket.io-file NPM version =2.0.31 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-file and may be impacted: - @best/agent-hub =7.0.1, =7.0.1, =17.0.0 Source cves: CVE-2020-24807 Source advisory: OSV:GHSA-6495-8JVH-F28X...

7.8CVSS7.2AI score0.02009EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2020/10/02 3:39 p.m.26 views

File restriction bypass in socket.io-file

All versions of socket.io-fileare vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types. No fix is currently...

7.8CVSS3.4AI score0.02009EPSS
Exploits0References4Affected Software1
Node.js
Node.jsadded 2020/10/02 3:35 p.m.41 views

File restriction bypass in socket.io-file

Overview All versions of socket.io-fileare vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types. Recommendation No...

6.9AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologiesadded 2020/10/02 12:0 a.m.4 views

PT-2020-15839 · Node.Js · Socket.Io-File

Name of the Vulnerable Software and Affected Versions: socket.io-file versions through 2.0.31 Description: The socket.io-file package for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified...

7.8CVSS8AI score0.02009EPSS
Exploits0References10
Packet Storm
Packet Stormadded 2020/07/27 12:0 a.m.462 views

Socket.io-file 2.0.31 Arbitrary File Upload

Exploit Title: Socket.io-file 2.0.31 - Arbitrary File Upload Date: 2020-07-02 Exploit Author: Cr0wTom Vendor Homepage: https://www.npmjs.com/package/socket.io-file Software Link: https://www.npmjs.com/package/socket.io-file/v/2.0.31 Version: = v2.0.31 Tested on: node v10.19.0, Socket.io-file...

Exploits0
Exploit DB
Exploit DBadded 2020/07/26 12:0 a.m.215 views

Socket.io-file 2.0.31 - Arbitrary File Upload

Exploit Title: Socket.io-file 2.0.31 - Arbitrary File Upload Date: 2020-07-02 Exploit Author: Cr0wTom Vendor Homepage: https://www.npmjs.com/package/socket.io-file Software Link: https://www.npmjs.com/package/socket.io-file/v/2.0.31 Version: = v2.0.31 Tested on: node v10.19.0, Socket.io-file...

7.4AI score
Exploits0
OSV
OSVadded 2020/07/15 9:15 p.m.1 views

CVE-2020-15779

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

7.5CVSS7.1AI score0.01581EPSS
Exploits1References4
Prion
Prionadded 2020/07/15 9:15 p.m.11 views

Path traversal

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

5CVSS7.5AI score0.01581EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2020/07/15 8:42 p.m.27 views

CVE-2020-15779

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

7.5AI score0.01581EPSS
Exploits1References4
CVE
CVEadded 2020/07/15 8:42 p.m.49 views

CVE-2020-15779

CVE-2020-15779: Path traversal in socket.io-file (Node.js) up to 2.0.31. The socket.io-file::createFile path uses path.join with ../ in the name, with uploadDir and rename options further determining the target path, enabling possible arbitrary file writes. Exploitation details are not provided i...

7.5CVSS7.5AI score0.01581EPSS
Exploits1References4Affected Software1
Veracode
Veracodeadded 2020/07/08 11:39 p.m.14 views

Path Traversal

socket.io-file is vulnerable to path traversal. The vulnerability is possible as file upload paths are generated by directly passing unsanitised user-provided name to path.join in the function socket.io-file::createFile through uploadDir and rename options...

7.5CVSS3AI score0.01581EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blogadded 2020/07/07 7:24 p.m.55 views

Path Traversal in socket.io-file

All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path.join. It is possible to upload files to arbitrary...

7.5CVSS3.2AI score0.01581EPSS
Exploits1References5Affected Software1
OSV
OSVadded 2020/07/07 7:24 p.m.0 views

GHSA-9H4G-27M8-QJRG Path Traversal in socket.io-file

All versions of socket.io-file are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The socket.io-file::createFile message contains a name option that is passed directly to path.join. It is possible to upload files to arbitrary...

7.5CVSS5.9AI score0.01581EPSS
Exploits1References5
Rows per page
Query Builder