VYPR

Socket.io Parser

by Socket

Source repositories

CVEs (2)

  • CVE-2026-33151HigMar 20, 2026
    risk 0.42cvss 7.5epss 0.01

    Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited…

  • CVE-2023-32695May 27, 2023
    risk 0.00cvss epss 0.01

    socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released…