Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off.
CVSS Information
N/A
Vulnerability Type
通道可被非端点访问(中间人攻击)
Vulnerability Title
engine.io-client 安全漏洞
Vulnerability Description
engine.io-client是一个跨浏览器、跨设备的、基于传输的实时应用程序框架。 engine.io-client 1.6.8及之前版本中存在安全漏洞,该漏洞源于在默认情况下程序没有验证证书。攻击者可利用该漏洞实施中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A