socket.io-parser@4.0.1-rc3 vulnerabilities
socket.io protocol parser
-
latest version
4.2.4
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
a year ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the socket.io-parser package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
socket.io-parser is a socket.io protocol parser Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient validation when decoding a packet. An attacker can send an event with a name like
How to fix Denial of Service (DoS)? Upgrade |
>=3.4.0 <3.4.3
>=4.0.0 <4.2.3
|
socket.io-parser is a socket.io protocol parser Affected versions of this package are vulnerable to Improper Input Validation.
when parsing attachments containing untrusted user input. Attackers can overwrite the How to fix Improper Input Validation? Upgrade |
<3.3.3
>=3.4.0 <3.4.2
>=4.0.0 <4.0.5
>=4.1.0 <4.2.1
|