Unhandled 'error' event in socket.io

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `socket.io@4.6.2` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

输入验证不恰当

Socket.IO 安全漏洞

Socket.IO是Socket.IO公司的一个面向实时web 应用的 JavaScript 库。 Socket.IO存在安全漏洞，该漏洞源于特制的Socket.IO数据包可能会在服务器上触发未捕获的异常，从而终止Node.js进程。

N/A

N/A