CVE-2022-41940

CVE-2022-41940 affects Engine.IO, the transport layer used by Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, causing the Node.js process to crash and resulting in a denial of service. Affected are Engine.IO versions prior to patches released...

CVE-2020-36048

Engine.IO before 4.0.0 is vulnerable to denial of service via a malformed POST to the long-polling transport. Root cause: improper input validation leading to resource consumption. Impact: DoS with potential high CPU/memory usage. Affected products/versions include Engine.IO prior to 4.0.0. Remed...