Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Socket Subscribe
Filtered by product Socket.io
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28481 1 Socket 1 Socket.io 2021-01-28 4.0 MEDIUM 4.3 MEDIUM
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
CVE-2017-16031 1 Socket 1 Socket.io 2018-07-31 5.0 MEDIUM 7.5 HIGH
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.