Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
socket.io allows an unbounded number of binary attachments
Vulnerability Description
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. This issue has been patched in versions 3.3.5, 3.4.4, and 4.2.6.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Socket.IO 代码问题漏洞
Vulnerability Description
Socket.IO是Socket.IO公司的一个面向实时web 应用的 JavaScript 库。 Socket.IO 3.3.5之前版本、3.4.4之前版本和4.2.6之前版本存在代码问题漏洞,该漏洞源于处理特制Socket.IO数据包时服务器会缓冲大量二进制附件,可能导致服务器内存耗尽。
CVSS Information
N/A
Vulnerability Type
N/A