Advisories for Npm/Socket.io-Parser package

Impact A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.

Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.

socket.io-parser allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.