VYPR

npm package

sse-channel

pkg:npm/sse-channel

Vulnerabilities (1)

  • CVE-2026-44217MedMay 12, 2026
    affected < 4.0.1fixed 4.0.1

    sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrar