Vulnerability Information
Vulnerability Title
Uncaught exception in engine.io
Vulnerability Description
Engine.IO is the implementation of the transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all users of the `engine.io` package, including those who use dependent packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
Uncaught exception
Vulnerability Title
Engine.IO security vulnerability
Vulnerability Description
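Engine.IO is an open-source implementation, from the Engine.IO project, of a transport-based cross-browser/cross-device bi-directional communication layer. Engine.IO versions 5.1.0 through 6.4.1 contain a security vulnerability: a specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, which terminates the Node.js process.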
CVSS Information
N/A
Vulnerability Type
N/A