Socket.io

Vendor: Socket • 2 CVEs

CVEs (2)

Vendors: 1 (Socket)
Products: 1 (Socket.io)
Updated: Nov 21, 2024
Published: Jan 19, 2021
CVSS: N/A (v4), 4.3 MEDIUM (v3), 4.0 MEDIUM (v2)

The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

Vendors: 1 (Socket)
Products: 1 (Socket.io)
Updated: Nov 21, 2024
Published: Jun 4, 2018
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.