Lucene search

K
githubGitHub Advisory DatabaseGHSA-85XX-XHJM-RHRW
HistoryAug 03, 2022 - 12:00 a.m.

Socket.IO-client Java before 2.0.1 vulnerable to NULL Pointer Dereference

2022-08-0300:00:57
CWE-476
GitHub Advisory Database
github.com
12
socket.io
java
vulnerability
null pointer dereference
parsing

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

60.8%

The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.

Affected configurations

Vulners
Node
io.socketsocket.io-clientRange<2.0.1
VendorProductVersionCPE
io.socketsocket.io-client*cpe:2.3:a:io.socket:socket.io-client:*:*:*:*:*:*:*:*

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

60.8%

Related for GHSA-85XX-XHJM-RHRW