CVE-2022-2421 - Socket.io - Improper type validation in attachment parsing
CVE | CVE-2022-2421 |
Case | DIVD-2022-00045 |
Credits | |
Products | Socket.io: |
Versions | Socket.io: |
Page author | Victor Pasman |
CVSS | Base score: 10 |
References | |
Last modified | 28 Oct 2022 13:11 |
Description
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.
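A simplified model of the bug class described above, added here as an illustration and not taken from Socket.io's source. The function names, the packet shape and the constructed sample inputs are assumptions. It contrasts a loose placeholder lookup with one that validates types before indexing the attachment list.

```javascript
// Added illustration, not Socket.io's code. All function names are hypothetical.
// A placeholder is modelled as { _placeholder: true, num: <attachment index> }.

// Loose form: any truthy _placeholder passes and num is used as a raw key,
// so a non-numeric num resolves to whatever property the array exposes.
function reconstructLoose(data, buffers) {
  if (Array.isArray(data)) return data.map((d) => reconstructLoose(d, buffers));
  if (data === null || typeof data !== "object") return data;
  if (data._placeholder) return buffers[data.num];
  const out = {};
  for (const key of Object.keys(data)) out[key] = reconstructLoose(data[key], buffers);
  return out;
}

// Strict form: the flag must be boolean true and num an in-range integer.
function isValidPlaceholder(data, buffers) {
  return data._placeholder === true &&
    Number.isInteger(data.num) &&
    data.num >= 0 &&
    data.num < buffers.length;
}

function reconstructStrict(data, buffers) {
  if (Array.isArray(data)) return data.map((d) => reconstructStrict(d, buffers));
  if (data === null || typeof data !== "object") return data;
  if (Object.prototype.hasOwnProperty.call(data, "_placeholder")) {
    if (!isValidPlaceholder(data, buffers)) throw new TypeError("illegal attachment placeholder");
    return buffers[data.num];
  }
  const out = {};
  for (const key of Object.keys(data)) out[key] = reconstructStrict(data[key], buffers);
  return out;
}

// Constructed sample inputs (not captured traffic).
const sampleBuffers = [Buffer.from("attachment-0")];
const wellFormed = { query: { file: { _placeholder: true, num: 0 } } };
const malformed = { query: { file: { _placeholder: true, num: "map" } } };

// Returns true when the strict form refuses the packet.
function rejects(packet) {
  try { reconstructStrict(packet, sampleBuffers); return false; }
  catch (err) { return err instanceof TypeError; }
}

console.log(typeof reconstructLoose(malformed, sampleBuffers).query.file); // function
console.log(rejects(malformed), rejects(wellFormed)); // true false
```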