Socket Socket.io
2 CVEs affecting Socket Socket.io. Latest disclosed: 2021-01-19. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-16031 | High | 7.5 | 2018-06-04 | Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to cre… |
CVE-2020-28481 | Medium | 5.3 | 2021-01-19 | The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default. |