Socket IO Client is vulnerable to denial of service. The vulnerability is a null pointer dereference that occurs when parsing a payload with an invalid format, which allows an attacker to cause an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
socket.io-client | eq | 2.0.0 | |
socket.io-client | le | 1.0.1 | |
github.com/advisories/GHSA-85xx-xhjm-rhrw
github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b
github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284
github.com/socketio/socket.io-client-java/issues/508#issuecomment-1179817361
github.com/socketio/socket.io-client-java/releases/tag/socket.io-client-2.0.1