Insufficient validation when decoding a Socket.IO packet
CVE-2023-32695
7.5HIGH
What is CVE-2023-32695?
The Socket.IO parser, which encodes and decodes Socket.IO communications in JavaScript, has a vulnerability that can lead to an uncaught exception on the Socket.IO server. This flaw allows specially crafted Socket.IO packets to cause the Node.js process to terminate unexpectedly. A patch has been made available in version 4.2.3 to address this issue.
Affected Version(s)
socket.io-parser >= 4.0.0, < 4.2.3 < 4.0.0, 4.2.3
socket.io-parser >= 3.4.0, < 3.4.3 < 3.4.0, 3.4.3
