exploitDog

CVE-2020-36048

Опубликовано: 08 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.

Ссылки

https://blog.caller.xyz/socketio-engineio-dos/
Exploit
Third Party Advisory
https://github.com/bcaller/kill-engine-io
Third Party Advisory
https://github.com/socketio/engine.io/commit/734f9d1268840722c41219e69eb58318e0b2ac6b
Patch
Third Party Advisory
https://blog.caller.xyz/socketio-engineio-dos/
Exploit
Third Party Advisory
https://github.com/bcaller/kill-engine-io
Third Party Advisory
https://github.com/socketio/engine.io/commit/734f9d1268840722c41219e69eb58318e0b2ac6b
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:socket:engine.io:*:*:*:*:*:*:*:*

Версия до 4.0.0 (исключая)

EPSS

Процентиль: 74%

0.00797

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2020-36048

CVSS3: 7.5

redhat

около 6 лет назад

Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.

GHSA-j4f2-536g-r55m

CVSS3: 7.5

github

почти 4 года назад

Resource exhaustion in engine.io

EPSS

Процентиль: 74%

0.00797

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400