GHSA-cqmj-92xf-r6r9, CVE-2023-32695
npm/socket.io-parser
Insufficient validation when decoding a Socket.IO packet
A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.
All versions starting from 3.4.0 before 3.4.3, all versions starting from 4.0.0 before 4.2.3
Upgrade to versions 3.4.3, 4.2.3 or above.
2023-05-24
source |