Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2421 | 1 Socket | 1 Socket.io-parser | 2023-02-05 | N/A | 9.8 CRITICAL |
| Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object. | |||||
| CVE-2020-36049 | 1 Socket | 1 Socket.io-parser | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. | |||||