Security: socketio/socket.io-parser

Security Policy

Supported Versions

Version Supported
4.x
3.x
< 3.0

Reporting a Vulnerability

To report a security vulnerability in this package, please send an email to @darrachequesne (see address in profile) describing the vulnerability and how to reproduce it.

We will get back to you as soon as possible and publish a fix if necessary.

⚠️ IMPORTANT ⚠️ please do not create an issue in this repository, as attackers might take advantage of it. Thank you in advance for your responsible disclosure.

History

| Date | Description | CVE number |
|------|-------------|------------|
| January 2021 | Resource exhaustion in socket.io-parser | CVE-2020-36049 |
| October 2022 | Insufficient validation when decoding a Socket.IO packet | CVE-2022-2421 |
| May 2023 | Insufficient validation when decoding a Socket.IO packet | CVE-2023-32695 |