EPSS Percentile: 82.5%
socket.io-file is vulnerable to authorization bypass. The validation of allowed file types happens on the client side, so an attacker can intercept the WebSocket request after validation and alter the name value to upload any file type.
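The mitigation for this class of flaw is to repeat the file type check on the server against the name value actually received. The sketch below is an added example, not code from socket.io-file or from the advisory; `validateUploadName`, `ALLOWED_EXTENSIONS` and the sample names are hypothetical and constructed for illustration.

```javascript
// Server-side re-validation of a client-supplied upload name.
// Assumption: the server keeps its own allowlist and never trusts a
// client-side check. All names here are hypothetical.
const ALLOWED_EXTENSIONS = new Set(['.png', '.jpg', '.jpeg', '.pdf']);

function validateUploadName(name, allowed = ALLOWED_EXTENSIONS) {
  // The value arrives over the socket, so it can be any type or length.
  if (typeof name !== 'string' || name.length === 0 || name.length > 255) {
    return { ok: false, reason: 'name must be a non-empty string of at most 255 characters' };
  }
  // Reject control characters (including NUL) and path separators so the
  // name cannot point outside the upload directory.
  if (/[\x00-\x1f\x7f\/\\]/.test(name)) {
    return { ok: false, reason: 'control character or path separator in name' };
  }
  // Only the final extension decides the type: "image.png.exe" is ".exe".
  // A leading dot alone (dot === 0) is a dotfile, not an extension.
  const dot = name.lastIndexOf('.');
  if (dot <= 0) {
    return { ok: false, reason: 'missing extension' };
  }
  const ext = name.slice(dot).toLowerCase();
  if (!allowed.has(ext)) {
    return { ok: false, reason: 'extension ' + ext + ' is not allowed' };
  }
  return { ok: true, name: name, ext: ext };
}

// Constructed sample names, as a modified request might carry them.
const SAMPLE_NAMES = [
  'report.pdf',
  'photo.JPG',
  'shell.php',
  'image.png.exe',
  '../../etc/passwd.png',
  '.htaccess',
  'noext',
];

// Returns [name, accepted] pairs for the samples above.
function checkSamples() {
  return SAMPLE_NAMES.map((n) => [n, validateUploadName(n).ok]);
}

for (const [n, ok] of checkSamples()) {
  console.log((ok ? 'accept ' : 'reject ') + JSON.stringify(n));
}
```

Run the check in the server's upload handler before any bytes are written to disk. An extension allowlist constrains the stored name only; it does not verify the file's content.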
github.com/advisories/GHSA-6495-8jvh-f28x
github.com/rico345100/socket.io-file
www.npmjs.com/advisories/1564
www.npmjs.com/package/socket.io-file