Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing CVE-2023-32695 on 3.3.x #125

Open
wants to merge 1 commit into
base: 3.3.x
Choose a base branch
from
Open

Fixing CVE-2023-32695 on 3.3.x #125

wants to merge 1 commit into from

Commits on Oct 9, 2023

  1. fix: check the format of the event name 

    A packet like '2[{"toString":"foo"}]' was decoded as:

{
  type: EVENT,
  data: [ { "toString": "foo" } ]
}

Which would then throw an error when passed to the EventEmitter class:

> TypeError: Cannot convert object to primitive value
>    at Socket.emit (node:events:507:25)
>    at .../node_modules/socket.io/lib/socket.js:531:14

Backported from [socketio/socket.io-devalue-parser@2dc3c92](socketio@2dc3c92)
    arnau.fugarolas committed Oct 9, 2023
    Configuration menu
    Copy the full SHA
    5cc0178 View commit details
    Browse the repository at this point in the history