Lucene search
China National Vulnerability DatabaseCNVD-2022-85553HistoryNov 24, 2022 - 12:00 a.m.
Socketio Engine.IO Denial of Service Vulnerability
2022-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
denial of service
socketio
engine.io
version 3.6.1
version 4.0.0
version 6.2.1
error messages
attackers
0.001 Low
EPSS
Percentile
35.4%
Engine.IO is a transport-based implementation of Socket.IO’s cross-browser/cross-device bi-directional communication layer.A denial-of-service vulnerability exists in versions of Socketio Engine.IO prior to 3.6.1, 4.0.0 and later, and prior to 6.2.1, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to launch denial-of-service attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| socketio engine.io | lt | 3.6.1 | |
| socketio engine.io >=4.0.0, | lt | 6.2.1 |
Related
redhatcve
redhatcve
CVE-2022-41940
2022-11-22 19:56:41
cve
cve
CVE-2022-41940
2022-11-22 01:15:37
osv
osv
Uncaught exception in engine.io
2022-11-21 23:55:41
CVE-2022-41940
2022-11-22 01:15:37
github
github
Uncaught exception in engine.io
2022-11-21 23:55:41
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to CVE-2022-41940
2022-12-01 16:56:11
veracode
veracode
Denial Of Service (DoS)
2022-11-23 08:32:44
cvelist
cvelist
CVE-2022-41940 Uncaught exception in engine.io
2022-11-22 00:00:00
nvd
nvd
CVE-2022-41940
2022-11-22 01:15:37
prion
prion
Cross site scripting
2022-11-22 01:15:00
redhat
redhat
(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update
2023-06-29 20:05:32