3 matches found
CVE-2022-2421
CVE-2022-2421: The vulnerability arises from improper type validation in the Socket.io attachment parsing, allowing overwriting of the _placeholder object and potentially placing function references in the resulting query object. In IBM App Connect Enterprise Certified Container, this could enab...
CVE-2020-36049
CVE-2020-36049 affects socket.io-parser; before version 3.4.1 it allows memory exhaustion/DoS via a large packet due to the library’s concatenation approach. Affected component is socket.io-parser (used with socket.io). The issue results in elevated memory usage and potential denial of service un...
CVE-2026-33151
The connected advisory for GHSA-677M-J7P3-52F9 documents a vulnerability in Socket.IO where a specially crafted packet can cause the server to wait for numerous binary attachments and exhaust memory. Affected ranges and fixes are: • socket.io and socket.io-client >=4.0.0 =3.4.0 <3.4.4 (fixe...