CVE-2023-32695
Insufficient validation when decoding a Socket.IO packet in npm/socket.io-parser
Identifiers
CVE-2023-32695, GHSA-cqmj-92xf-r6r9
Package Slug
npm/socket.io-parser
Vulnerability
Insufficient validation when decoding a Socket.IO packet
Description
Impact
A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.
Affected Versions
All versions starting from 3.4.0 before 3.4.3, all versions starting from 4.0.4 before 4.2.3
Solution
Upgrade to versions 3.4.3, 4.2.3 or above.
Last Modified
2023-05-24
| source |