Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unhandled 'error' event in socket.io
Vulnerability Description
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `socket.io@4.6.2` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
输入验证不恰当
Vulnerability Title
Socket.IO 安全漏洞
Vulnerability Description
Socket.IO是Socket.IO公司的一个面向实时web 应用的 JavaScript 库。 Socket.IO存在安全漏洞,该漏洞源于特制的Socket.IO数据包可能会在服务器上触发未捕获的异常,从而终止Node.js进程。
CVSS Information
N/A
Vulnerability Type
N/A