Moderate severity · NVD Advisory · Published Jan 19, 2021 · Updated Sep 16, 2024
Insecure Defaults
CVE-2020-28481
Description
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| socket.io (npm) | < 2.4.0 | 2.4.0 |
Affected products
- socket.io/socket.io
References
- github.com/advisories/GHSA-fxwf-4rqh-v8g3 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2020-28481 (advisory)
- github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7 (web)
- github.com/socketio/socket.io/issues/3671 (web)
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1056358 (web)
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1056357 (web)
- snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 (web)