Lucene search
PRIOn knowledge basePRION:CVE-2022-41940HistoryNov 22, 2022 - 1:15 a.m.
Cross site scripting
2022-11-2201:15:00
PRIOn knowledge base
www.prio-n.com
2
cross site scripting
transport layer
node.js process
engine.io
socket.io
vulnerability
patch
http request
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.
Related
redhatcve
redhatcve
CVE-2022-41940
2022-11-22 19:56:41
cve
cve
CVE-2022-41940
2022-11-22 01:15:37
osv
osv
Uncaught exception in engine.io
2022-11-21 23:55:41
CVE-2022-41940
2022-11-22 01:15:37
github
github
Uncaught exception in engine.io
2022-11-21 23:55:41
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to CVE-2022-41940
2022-12-01 16:56:11
veracode
veracode
Denial Of Service (DoS)
2022-11-23 08:32:44
cvelist
cvelist
CVE-2022-41940 Uncaught exception in engine.io
2022-11-22 00:00:00
nvd
nvd
CVE-2022-41940
2022-11-22 01:15:37
cnvd
cnvd
Socketio Engine.IO Denial of Service Vulnerability
2022-11-24 00:00:00
redhat
redhat
(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update
2023-06-29 20:05:32