Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uncaught Exception in engine.io
Vulnerability Description
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对因果或异常条件的不恰当检查
Vulnerability Title
Engine.Io 代码问题漏洞
Vulnerability Description
Engine.Io是一个 Socket.Io 的基于传输的跨浏览器/跨设备双向通信层的实现。 Engine.IO 中存在代码问题漏洞,该漏洞源于产品未对特殊HTTP请求引发的异常进行有效处理。攻击者可通过该漏洞导致异常并关闭nodejs引擎。
CVSS Information
N/A
Vulnerability Type
N/A