EPSS
Percentile
53.0%
socket.io uses an insecure cross-origin resource sharing configuration. All domains are whitelisted by default and allows cross-origin resource sharing, leading to information disclosure.
github.com/advisories/GHSA-fxwf-4rqh-v8g3
github.com/socketio/socket.io/issues/3671