VYPR
Critical severity 10.0 · NVD Advisory · Published Oct 26, 2022 · Updated Jun 17, 2026

CVE-2022-2421

Description

Due to improper type validation in the attachment parsing of the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| socket.io-parser (npm) | >= 4.0.0, < 4.0.5 | 4.0.5 |
| socket.io-parser (npm) | >= 4.1.0, < 4.2.1 | 4.2.1 |
| socket.io-parser (npm) | < 3.3.3 | 3.3.3 |
| socket.io-parser (npm) | >= 3.4.0, < 3.4.2 | 3.4.2 |
