Skip to content

security: vulnerability reported in [email protected] #4711

New issue
New issue
Closed
Closed
security: vulnerability reported in [email protected]#4711
Labels
to triageWaiting to be triaged by a member of the team
@vince-fugnitto

Description

@vince-fugnitto
vince-fugnitto
opened on May 9, 2023

Describe the bug

There is a security vulnerability reported in [email protected] which socket.io declares in it's dependencies:

socket.io/package.json

Line 52 in 3d44aae

"engine.io": "~6.4.1",

npm audit output:

$ npm audit
# npm audit report

cookiejar  <2.1.4
Severity: moderate
cookiejar Regular Expression Denial of Service via Cookie.parse function - https://github.com/advisories/GHSA-h452-7996-h45h
fix available via `npm audit fix`
node_modules/cookiejar

engine.io  5.1.0 - 6.4.1
Severity: high
engine.io Uncaught Exception vulnerability - https://github.com/advisories/GHSA-q9mw-68c2-j6m5
fix available via `npm audit fix`
node_modules/engine.io

2 vulnerabilities (1 moderate, 1 high)

To address all issues, run:
  npm audit fix

To Reproduce

  1. clone the repository
  2. perform npm audit

Metadata

Metadata

Assignees

No one assigned

    Labels

    to triageWaiting to be triaged by a member of the team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions