Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
socket.io 安全漏洞
Vulnerability Description
socket.io是一款支持实时双向通行的应用程序框架。 socket.io 0.9.6及之前版本中存在安全漏洞,该漏洞源于程序依靠‘Math.random()’函数来创建套接字ID。攻击者可利用该漏洞猜测出套接字ID并获取socket.io服务器的访问权限,可能获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A