2 matches found
CVE-2020-24807
CVE-2020-24807 affects the Node.js package socket.io-file up to version 2.0.31. The vulnerability stems from relying on client-side validation of file types, which lets an attacker upload an executable file by modifying the name field in JSON, potentially leading to arbitrary code exec...
CVE-2020-15779
CVE-2020-15779: Path traversal in socket.io-file (Node.js) up to 2.0.31. The socket.io-file::createFile path uses path.join with ../ in the name, and the uploadDir and rename options further determine the target path, enabling possible arbitrary file writes. Exploitation details are not provided i...