CVE-2016-10532
The CVE-2016-10532 issue concerns the console-io module, specifically versions 2.2.13 and earlier, where socket.io is not configured to require authentication. This allows an attacker to connect via WebSocket, bypass authentication, and execute commands with the same privileges as the console-io ...