Note:
This project will be discontinued after December 13, 2021.
Product:
Socket.io (Socket)
Repositories | https://github.com/socketio/socket.io |
#Vulnerabilities | 2 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-01-19 | CVE-2020-28481 | The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default. | Socket.io | 4.3 | | |
2018-06-04 | CVE-2017-16031 | Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information. | Socket.io | 7.5 | | |