Socket.io - Improper type validation in attachment parsing

Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Socket.IO SQL注入漏洞

Socket.IO是Socket.IO公司的一个面向实时web 应用的 JavaScript 库。 Socket.IO 存在安全漏洞，该漏洞源于附件解析Socket.io js库时的类型验证不正确。

N/A

N/A