Socket socket.io-parser 3.4.0 for Node.js

CPE Details

2021-01-08 18h54 +00:00

CPE Name: cpe:2.3:a:socket:socket.io-parser:3.4.0:*:*:*:*:node.js:*:*

Information

Vendor: socket

Product: socket.io-parser

Version: 3.4.0

Target Software: node.js

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2023-32695 | 2023-05-27 15h44 +00:00 | socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. | 7.5 | High |
| CVE-2022-2421 | 2022-10-24 22h00 +00:00 | Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object. | 10 | Critical |
| CVE-2020-36049 | 2021-01-07 22h24 +00:00 | socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. | 7.5 | High |