engine.io@0.3.7 vulnerabilities

The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server

  • latest version

    6.6.2

  • latest non vulnerable version

  • first published

    12 years ago

  • latest version published

    2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the engine.io package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Denial of Service (DoS)

    engine.io is a realtime engine behind Socket.IO. It provides the foundation of a bidirectional connection between client and server

    Affected versions of this package are vulnerable to Denial of Service (DoS). A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process.

    How to fix Denial of Service (DoS)?

    Upgrade engine.io to version 3.6.1, 6.2.1 or higher.

    <3.6.1>=4.0.0 <6.2.1
    • H
    Denial of Service (DoS)

    engine.io is a realtime engine behind Socket.IO. It provides the foundation of a bidirectional connection between client and server

    Affected versions of this package are vulnerable to Denial of Service (DoS) via a POST request to the long polling transport.

    How to fix Denial of Service (DoS)?

    Upgrade engine.io to version 3.6.0 or higher.

    <3.6.0
    • M
    Denial of Service (DoS)

    engine.io is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. It provides the foundation of a bidirectional connection between client and server.

    Affected versions of the package are vulnerable to Denial of Service (DoS) by sending many upgrade events. A client could possibly create a lot of intervals without the old ones having a chance of being cleared.

    How to fix Denial of Service (DoS)?

    Upgrade engine.io to version 1.0.0 or higher.

    <1.0.0