socket.io-file

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting socket.io-filepage 1 of 1

CVE-2020-15779HIGHCVSS 7.5EG 7.5
2020-07-15
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.
CVE-2020-24807HIGHCVSS 7.8EG 7.8
2020-10-06
The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulner…

Check whether socket.io-file is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for socket.io-file CVEs against the assets you own.

Start Free Scan →