2.0.31
8 years ago
5 years ago
Known vulnerabilities in the socket.io-file package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
socket.io-file is a File uploader module for Socket.io Affected versions of this package are vulnerable to File Type Restriction Bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the How to fix File Type Restriction Bypass? There is no fixed version for | * |
socket.io-file is a File uploader module for Socket.io Affected versions of this package are vulnerable to Directory Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The How to fix Directory Traversal? There is no fixed version for | * |