socket.io-parser is a Socket.IO encoder and decoder written in JavaScript that complies with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, killing the Node.js process. A patch has been released in version 4.2.3.
History
05 Jun 2023, 15:54
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : ; v3 : | v2 : unknown; v3 : 7.5 |
CPE | cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:* | |
First Time | Socket; Socket socket.io-parser | |
CWE | CWE-754 | |
References | (MISC) https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced - Patch | |
References | (MISC) https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3 - Patch | |
References | (MISC) https://github.com/socketio/socket.io-parser/releases/tag/4.2.3 - Release Notes | |
References | (MISC) https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9 - Vendor Advisory |
27 May 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-27 16:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-32695
Mitre link : CVE-2023-32695
CVE.ORG link : CVE-2023-32695
Products Affected
socket
- socket.io-parser