Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2017-16031: Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information. | CVSS3: 7.5 | 0% (Low) | more than 7 years ago |
| GHSA-qv2v-m59f-v5fw: Insecure randomness in socket.io | CVSS3: 7.5 | 0% (Low) | more than 7 years ago |