0.001 Low
EPSS
Percentile
35.4%
engine.io is vulnerable to denial of service. The vulnerability exists in setTimeout parameter in server.js because the HTTP request is not properly triggered which allows to attacker to crash NodeJS.
setTimeout
server.js
github.com/socketio/engine.io/commit/425e833ab13373edf1dd5a0706f07100db14e3c6
github.com/socketio/engine.io/commit/83c4071af871fc188298d7d591e95670bf9f9085
github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w