CVE-2022-2421
CVE-2022-2421: The vulnerability arises from improper type validation in the Socket.io attachment parsing, allowing overwriting of the _placeholder object and potentially placing function references in the resulting query object. In IBM App Connect Enterprise Certified Container, this could enab...
CVE-2023-32695
CVE-2023-32695 affects the socket.io-parser component (a Socket.IO encoder/decoder) used with Node.js services. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, causing the Node.js process to crash. A fix has been released in version 4.2.3 of socket....
CVE-2020-36049
CVE-2020-36049 affects socket.io-parser; before version 3.4.1 it allows memory exhaustion/DoS via a large packet due to the library’s concatenation approach. The affected component is socket.io-parser (used with socket.io). The issue results in elevated memory usage and potential denial of service un...
CVE-2026-33151
CVE-2026-33151 affects Socket.IO. In affected releases (prior to 3.3.5, 3.4.4, and 4.2.6) a crafted Socket.IO packet can cause the server to buffer a large number of binary attachments, potentially exhausting memory. The vulnerability is patched in 3.3.5, 3.4.4, and 4.2.6. Some connected IBM bull...