CVE-2022-21676, GHSA-273r-mgr4-v34f
npm/engine.io
Improper Check for Unusual or Exceptional Conditions
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process.
All versions starting from 4.0.0 before 4.1.2, all versions starting from 5.0.0 before 5.2.1, all versions starting from 6.0.0 before 6.1.1
Upgrade to versions 4.1.2, 5.2.1, 6.1.1 or above.
2022-01-21
source |