Vulnerability	Vulnerable Version
M Insecure Defaults socket.io is a node.js realtime framework server. Affected versions of this package are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default. How to fix Insecure Defaults? Upgrade `socket.io` to version 2.4.0 or higher.	<2.4.0
M Insecure Randomness `socket.io` is a node.js realtime framework server. Affected versions of the package are vulnerable to Insecure Randomness due to the cryptographically insecure `Math.random` function which can produce predictable values and should not be used in security-sensitive context. How to fix Insecure Randomness? Upgrade `socket.io` to version 0.9.7 or higher.	<0.9.7
M Cross-site Scripting (XSS) `socket.io` is a node.js realtime framework server. Affected versions of the package are vulnerable to Cross-site Scripting (XSS) due to insufficient user input validation in the `jsonp-polling` function. Attackers may exploit this by injecting arbitrary script into the browser. You can read more about `Cross-site Scripting (XSS)` on our blog. How to fix Cross-site Scripting (XSS)? Upgrade `socket.io` to version 0.9.6 or higher.	<0.9.6

Go back to all versions of this package