npm package
engine.io
pkg:npm/engine.io
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-31125 | — | | | >= 5.1.0, < 6.4.2 | 6.4.2 | May 8, 2023 | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are |
| CVE-2022-41940 | — | | | < 3.6.1 | 3.6.1 | Nov 22, 2022 | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users |
| CVE-2022-21676 | — | | | >= 4.0.0, < 4.1.2 | 4.1.2 | Jan 12, 2022 | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users |
| CVE-2020-36048 | — | | | < 3.6.0 | 3.6.0 | Jan 7, 2021 | Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport. |