Description
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| node-socket.io | itp | | | package |
EPSS
Percentile: 78%
0.01132
Low
Related vulnerabilities
CVSS3: 10
nvd
more than 3 years ago
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.
CVSS3: 9.8
github
more than 3 years ago
Insufficient validation when decoding a Socket.IO packet