CVE-2026-33151
- EPSS 0.1%
- Published 20.03.2026 20:13:31
- Last modified 14.04.2026 18:22:20
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer ...
CVE-2023-32695
- EPSS 0.22%
- Published 27.05.2023 16:15:09
- Last modified 21.11.2024 08:03:52
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process...
CVE-2022-2421
- EPSS 1.26%
- Published 26.10.2022 10:15:16
- Last modified 06.02.2026 11:30:45
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.
CVE-2020-36049
- EPSS 0.53%
- Published 08.01.2021 00:15:11
- Last modified 21.11.2024 05:28:41
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.