Description
CORS misconfiguration in socket.io
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-28481
- https://github.com/socketio/socket.io/issues/3671
- https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1056358
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1056357
- https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859
Packages
Name: socket.io (npm)
Affected versions: < 2.4.0
Fixed version: 2.4.0
Related vulnerabilities
CVSS3: 5.3
nvd
about 5 years ago
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.