Filtered by vendor Socket
Subscriptions
Filtered by product Socket.io
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28481 | 1 Socket | 1 Socket.io | 2024-11-21 | 5.3 Medium |
| The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default. | ||||
| CVE-2017-16031 | 1 Socket | 1 Socket.io | 2024-11-21 | N/A |
| Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information. | ||||
Page 1 of 1.