CVE-2020-24807, GHSA-6495-8jvh-f28x
npm/socket.io-file
Improper Input Validation
The socket.io-file package for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
All versions up to 2.0.31
Unfortunately, there is no solution available yet.
2020-10-15
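Because the package checks file types only in the client, any server accepting these uploads has to re-validate the name field itself. The following is an added example, not code from socket.io-file or from the advisory: `validateUpload`, `ALLOWED` and the sample inputs are hypothetical and constructed. It treats the client-supplied name as untrusted, allowlists the extension, and checks that the content's leading bytes match it.

```javascript
'use strict';
// Hypothetical server-side check; not part of the socket.io-file API.
// Allowlist: extension -> magic bytes the uploaded content must start with.
const ALLOWED = {
  png: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]),
  jpg: Buffer.from([0xff, 0xd8, 0xff]),
  pdf: Buffer.from('%PDF-', 'latin1'),
};

// meta: the JSON object received from the client; firstChunk: Buffer with
// the first bytes of the upload. Returns { ok, reason } or { ok, ext }.
function validateUpload(meta, firstChunk) {
  const name = meta && meta.name;
  if (typeof name !== 'string' || name.length === 0 || name.length > 255) {
    return { ok: false, reason: 'bad-name' };
  }
  // No path separators, control characters or dotfiles in the name.
  if (/[\/\\\x00-\x1f]/.test(name) || name.startsWith('.')) {
    return { ok: false, reason: 'bad-name' };
  }
  // Only the final extension counts, so "a.png.js" is judged as "js".
  const dot = name.lastIndexOf('.');
  const ext = dot === -1 ? '' : name.slice(dot + 1).toLowerCase();
  const known = Object.prototype.hasOwnProperty.call(ALLOWED, ext);
  if (!known) return { ok: false, reason: 'type-not-allowed' };
  const magic = ALLOWED[ext];
  if (!Buffer.isBuffer(firstChunk) || firstChunk.length < magic.length ||
      !firstChunk.subarray(0, magic.length).equals(magic)) {
    return { ok: false, reason: 'content-mismatch' };
  }
  // The caller should store the file under a server-generated name and
  // reuse only the vetted extension, never the client's full name.
  return { ok: true, ext };
}

// Constructed sample inputs (not taken from any real upload).
const PNG_HEAD = Buffer.concat([ALLOWED.png, Buffer.alloc(8)]);
const SCRIPT_HEAD = Buffer.from('#!/bin/sh\n', 'latin1');
const SAMPLES = [
  [{ name: 'photo.png' }, PNG_HEAD],
  [{ name: 'photo.png.js' }, PNG_HEAD],
  [{ name: 'photo.png' }, SCRIPT_HEAD],
  [{ name: '../photo.png' }, PNG_HEAD],
];
for (const [meta, head] of SAMPLES) {
  console.log(meta.name, JSON.stringify(validateUpload(meta, head)));
}
```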