High severityNVD Advisory· Published Jan 7, 2021· Updated Aug 4, 2024
CVE-2020-36048
CVE-2020-36048
Description
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
engine.ionpm | < 3.6.0 | 3.6.0 |
Affected products
2- Engine.IO/Engine.IOdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-j4f2-536g-r55mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-36048ghsaADVISORY
- blog.caller.xyz/socketio-engineio-dosghsaWEB
- blog.caller.xyz/socketio-engineio-dos/mitrex_refsource_MISC
- github.com/socketio/engine.io/commit/58e274c437e9cbcf69fd913c813aad8fbd253703ghsaWEB
- github.com/socketio/engine.io/commit/734f9d1268840722c41219e69eb58318e0b2ac6bghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.