Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `` package, including those who use depending packages like ``. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version.

Source: CVE-2023-31125

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 항목은 *(으)로 표시합니다

Time limit is exhausted. Please reload the CAPTCHA.