You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Insufficient validation when decoding a Socket.IO packet
Critical severity in socket.io-parser CVE-2022-2421
Description: Due to improper type validation in the socket.io-parser library (which is used by the socket.io and socket.io-client packages to encode and decode Socket.IO packets), it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.
Insufficient validation when decoding a Socket.IO packet
Critical severity in socket.io-parser
CVE-2022-2421
Description: Due to improper type validation in the socket.io-parser library (which is used by the socket.io and socket.io-client packages to encode and decode Socket.IO packets), it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.
Affected versions < 4.0.5 >= 4.1.0, < 4.2.1
Patched versions 4.0.5 and 4.2.1
The text was updated successfully, but these errors were encountered: