Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsAnonymousNODEJS:1763
HistoryJun 30, 2021 - 4:56 p.m.

Resource exhaustion in socket.io-parser

2021-06-3016:56:54
Anonymous
www.npmjs.com
245
socket.io-parser
resource exhaustion
npm package
denial of service
memory consumption
upgrade
cve-2020-36049
github advisory

EPSS

0.002

Percentile

64.5%

JSON

Overview

The socket.io-parser npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

Recommendation

Upgrade to versions 3.3.2, 3.4.1 or later

References

Related

osv 2
ubuntucve 1
nvd 1
veracode 1
cve 1
redhatcve 1
debiancve 1
prion 1
cvelist 1
github 1
ibm 1
osv
osv
Resource exhaustion in socket.io-parser
2021-06-30 16:51:31
CVE-2020-36049
2021-01-08 00:15:11
ubuntucve
ubuntucve
CVE-2020-36049
2021-01-08 00:00:00
nvd
nvd
CVE-2020-36049
2021-01-08 00:15:11
veracode
veracode
Denial Of Service (DoS)
2021-01-08 06:29:00
cve
cve
CVE-2020-36049
2021-01-08 00:15:11
redhatcve
redhatcve
CVE-2020-36049
2021-01-20 11:21:01
debiancve
debiancve
CVE-2020-36049
2021-01-08 00:15:11
prion
prion
Design/Logic Flaw
2021-01-08 00:15:00
cvelist
cvelist
CVE-2020-36049
2021-01-07 23:24:23
github
github
Resource exhaustion in socket.io-parser
2021-06-30 16:51:31
ibm
ibm
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
2023-01-19 13:54:16

EPSS

0.002

Percentile

64.5%

JSON
Related for NODEJS:1763
osv2ubuntucve1nvd1veracode1cve1redhatcve1debiancve1prion1cvelist1github1ibm1