CVE-2022-21676

Improper Check for Unusual or Exceptional Conditions in npm/engine.io

Identifiers

CVE-2022-21676, GHSA-273r-mgr4-v34f

Package Slug

npm/engine.io

Vulnerability

Improper Check for Unusual or Exceptional Conditions

Description

Engine.IO is the implementation of the transport-based, cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, killing the Node.js process.

Affected Versions

All versions starting from 4.0.0 before 4.1.2, all versions starting from 5.0.0 before 5.2.1, all versions starting from 6.0.0 before 6.1.1

Solution

Upgrade to versions 4.1.2, 5.2.1, 6.1.1 or above.
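To find installs that still fall in the affected ranges, the following added example (not part of the advisory or of the engine.io project) checks engine.io entries in a package-lock.json `packages` map (lockfileVersion 2 or 3). The sample lockfile and its package names are constructed, and treating prereleases as affected is a conservative assumption.

```javascript
// Affected ranges and fixed versions as stated in the advisory text.
const AFFECTED = [
  { from: [4, 0, 0], fixed: [4, 1, 2] },
  { from: [5, 0, 0], fixed: [5, 2, 1] },
  { from: [6, 0, 0], fixed: [6, 1, 1] },
];

// Parse "MAJOR.MINOR.PATCH" with optional prerelease/build tags; null on anything else.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) } : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns { affected, fixedIn }; affected is null when the version cannot be parsed.
function checkEngineIo(version) {
  const p = parseVersion(version);
  if (!p) return { affected: null, fixedIn: null };
  for (const r of AFFECTED) {
    const c = cmp(p.nums, r.fixed);
    // Assumption: a prerelease of the fixed version (e.g. 6.1.1-beta.1) is treated as affected.
    const beforeFix = c < 0 || (c === 0 && p.pre);
    if (cmp(p.nums, r.from) >= 0 && beforeFix) return { affected: true, fixedIn: r.fixed.join('.') };
  }
  return { affected: false, fixedIn: null };
}

// Report every engine.io copy (top-level or nested) that is affected or unparseable.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Exact package name only: skips engine.io-client and engine.io-parser.
    if (path !== 'node_modules/engine.io' && !path.endsWith('/node_modules/engine.io')) continue;
    const result = checkEngineIo(meta.version);
    if (result.affected !== false) findings.push({ path, version: meta.version, ...result });
  }
  return findings;
}
// Constructed sample lockfile; "legacy-app" and "other" are hypothetical packages.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  'node_modules/engine.io': { version: '6.1.0' },
  'node_modules/engine.io-parser': { version: '5.0.2' },
  'node_modules/legacy-app/node_modules/engine.io': { version: '3.5.0' },
  'node_modules/other/node_modules/engine.io': { version: '5.2.1' },
} };
console.log(scanLockfile(SAMPLE_LOCK));
```

Nested copies pulled in by other dependencies are reported with their full path, since upgrading only the top-level package leaves them in place.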

Last Modified

2022-01-21
