← Back

Socket.io Parser

socket.io-parser

Vendor: Socket • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-33151
1Socket
1Socket.io Parser
Apr 14, 2026
Mar 20, 2026
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of...Show more
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. This issue has been patched in versions 3.3.5, 3.4.4, and 4.2.6.Show less
CVE-2023-32695
1Socket
1Socket.io Parser
Nov 21, 2024
May 27, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, th...Show more
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. Show less
CVE-2022-2421
1Socket
1Socket.io Parser
Feb 6, 2026
Oct 26, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the res...Show more
Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.Show less
CVE-2020-36049
1Socket
1Socket.io Parser
Nov 21, 2024
Jan 8, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.