socket.io-parser is vulnerable to type confusion. It is possible to overwrite the _placeholder
object due to improper type validation of attachment parsing in the _reconstructPacket
function, which allows an attacker to place references to functions at arbitrary places in the resulting query object.
csirt.divd.nl/cases/DIVD-2022-00045
csirt.divd.nl/cases/DIVD-2022-00045/
csirt.divd.nl/CVE-2022-2421
csirt.divd.nl/cves/CVE-2022-2421
csirt.divd.nl/cves/CVE-2022-2421/
csirt.divd.nl/DIVD-2022-00045
github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4
github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050