VYPR

npm package

engine.io

pkg:npm/engine.io

Vulnerabilities (4)

  • CVE-2023-31125May 8, 2023
    affected >= 5.1.0, < 6.4.2fixed 6.4.2

    Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are

  • CVE-2022-41940Nov 22, 2022
    affected < 3.6.1fixed 3.6.1

    Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users

  • CVE-2022-21676Jan 12, 2022
    affected >= 4.0.0, < 4.1.2fixed 4.1.2

    Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users

  • CVE-2020-36048Jan 7, 2021
    affected < 3.6.0fixed 3.6.0

    Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.