Vulnerability Information
Vulnerability Title
Uncaught exception in engine.io
Vulnerability Description
Engine.IO is the implementation of the transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, killing the Node.js process. This impacts all users of the engine.io package, including those who use dependent packages such as socket.io. There is no known workaround other than upgrading to a safe version. Patches for this issue were released in versions 3.6.1 and 6.2.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H
Vulnerability Type
Uncaught exception
Vulnerability Title
Engine.IO security vulnerability
Vulnerability Description
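Engine.IO is an implementation of the transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. Engine.IO contains a security vulnerability: a specially crafted HTTP request can trigger an uncaught exception on the server, terminating the Node.js process.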
CVSS Information
N/A
Vulnerability Type
N/A