Filtered by vendor Socket Subscriptions
Filtered by product Socket.io Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-59724 1 Socket 1 Socket.io 2026-07-10 7.5 High
Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as __proto__ through an inherited property of the clients object during WebTransport upgrade handling, causing a TypeError and denial of service. This issue is fixed in version 6.6.7.
CVE-2026-59725 2 Redhat, Socket 2 Hummingbird, Socket.io 2026-07-10 7.5 High
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated attacker to exhaust server-side connections and sockets. This issue is fixed in version 6.6.7.
CVE-2026-33151 1 Socket 2 Socket.io, Socket.io-parser 2026-04-15 7.5 High
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. This issue has been patched in versions 3.3.5, 3.4.4, and 4.2.6.
CVE-2020-28481 1 Socket 1 Socket.io 2024-11-21 5.3 Medium
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
CVE-2017-16031 1 Socket 1 Socket.io 2024-11-21 N/A
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.