CVE-2020-24807

Improper Input Validation in npm/socket.io-file

Identifiers

CVE-2020-24807, GHSA-6495-8jvh-f28x

Package Slug

npm/socket.io-file

Vulnerability

Improper Input Validation

Description

The socket.io-file package for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected Versions

All versions up to 2.0.31

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-10-15

source