Socket - Socket.io-parser CVE

Filtered by vendor Socket Subscribe

Filtered by product Socket.io-parser

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-2421	1 Socket	1 Socket.io-parser	2024-01-02	N/A	9.8 CRITICAL
Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.

Vulnerabilities (CVE)