Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient validation when decoding a Socket.IO packet
Vulnerability Description
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
输入验证不恰当
Vulnerability Title
Socket.IO 代码问题漏洞
Vulnerability Description
Socket.IO是Socket.IO公司的一个面向实时web 应用的 JavaScript 库。 Socket.IO 4.2.3之前版本存在安全漏洞,该漏洞源于特制的 Socket.IO 数据包可以在 Socket.IO 服务器上触发未捕获的异常,从而杀死 Node.js 进程。
CVSS Information
N/A
Vulnerability Type
N/A