Uncaught Exception Vulnerability in Socket.IO Server

Uncaught Exception Vulnerability in Socket.IO Server

CVE-2023-32695 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.

Learn more about our Cis Benchmark Audit For Server Software.