Описание
The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- ExploitIssue TrackingPatchRelease NotesThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- ExploitIssue TrackingPatchRelease NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.1 (исключая)
cpe:2.3:a:socket:socket.io-client_java:*:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00882
Низкий
7.5 High
CVSS3
Дефекты
CWE-476
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Socket.IO-client Java before 2.0.1 vulnerable to NULL Pointer Dereference
EPSS
Процентиль: 75%
0.00882
Низкий
7.5 High
CVSS3
Дефекты
CWE-476