engine.io
npm | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting engine.io
- CVE-2020-36048 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.6.0 | 2021-01-08
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
- CVE-2022-21676 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 6.1.1 | 2022-01-12
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the No…
- CVE-2022-41940 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 6.2.1 | 2022-11-22
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the No…
- CVE-2023-31125 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 6.4.2 | 2023-05-08
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socke…