engine.io Uncaught Exception vulnerability
A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. TypeError: Cannot read properties of undefined (reading 'handlesUpgrades') at Server.onWebSocket (build/server.js:515:67) This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. A fix has been released today (2023/05/02): 6.4.2 This bug was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io …