Version | Supported |
---|---|
4.x | ✅ |
3.x | ✅ |
< 3.0 | ❌ |
To report a security vulnerability in this package, please send an email to @darrachequesne (see address in profile) describing the vulnerability and how to reproduce it.
We will get back to you as soon as possible and publish a fix if necessary.
Date | Description | CVE number |
---|---|---|
January 2021 | Resource exhaustion in socket.io-parser | CVE-2020-36049 |
October 2022 | Insufficient validation when decoding a Socket.IO packet | CVE-2022-2421 |
May 2023 | Insufficient validation when decoding a Socket.IO packet | CVE-2023-32695 |