Vulnerability Details CVE-2022-2421
Due to improper type validation in the attachment parsing of the Socket.io JS library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.9%
CVSS Severity
CVSS v3 Score 10.0
Products affected by CVE-2022-2421
- cpe:2.3:a:socket:socket.io-parser:2.0.0
- cpe:2.3:a:socket:socket.io-parser:2.1.0
- cpe:2.3:a:socket:socket.io-parser:2.1.1
- cpe:2.3:a:socket:socket.io-parser:2.1.2
- cpe:2.3:a:socket:socket.io-parser:2.1.3
- cpe:2.3:a:socket:socket.io-parser:2.1.4
- cpe:2.3:a:socket:socket.io-parser:2.1.5
- cpe:2.3:a:socket:socket.io-parser:2.2.0
- cpe:2.3:a:socket:socket.io-parser:2.2.1
- cpe:2.3:a:socket:socket.io-parser:2.2.2
- cpe:2.3:a:socket:socket.io-parser:2.2.3
- cpe:2.3:a:socket:socket.io-parser:2.2.4
- cpe:2.3:a:socket:socket.io-parser:2.2.5
- cpe:2.3:a:socket:socket.io-parser:2.2.6
- cpe:2.3:a:socket:socket.io-parser:2.3.0
- cpe:2.3:a:socket:socket.io-parser:2.3.1
- cpe:2.3:a:socket:socket.io-parser:2.3.2
- cpe:2.3:a:socket:socket.io-parser:3.0.0
- cpe:2.3:a:socket:socket.io-parser:3.1.0
- cpe:2.3:a:socket:socket.io-parser:3.1.1
- cpe:2.3:a:socket:socket.io-parser:3.1.2
- cpe:2.3:a:socket:socket.io-parser:3.1.3
- cpe:2.3:a:socket:socket.io-parser:3.2.0
- cpe:2.3:a:socket:socket.io-parser:3.3.0
- cpe:2.3:a:socket:socket.io-parser:3.3.1
- cpe:2.3:a:socket:socket.io-parser:3.4.0
- cpe:2.3:a:socket:socket.io-parser:3.4.1
- cpe:2.3:a:socket:socket.io-parser:3.4.2
- cpe:2.3:a:socket:socket.io-parser:3.4.3
- cpe:2.3:a:socket:socket.io-parser:4.0.0
- cpe:2.3:a:socket:socket.io-parser:4.0.1
- cpe:2.3:a:socket:socket.io-parser:4.0.2
- cpe:2.3:a:socket:socket.io-parser:4.0.3
- cpe:2.3:a:socket:socket.io-parser:4.0.4
- cpe:2.3:a:socket:socket.io-parser:4.1.0
- cpe:2.3:a:socket:socket.io-parser:4.1.1
- cpe:2.3:a:socket:socket.io-parser:4.1.2
- cpe:2.3:a:socket:socket.io-parser:4.2.0