Security issue [CVE-2022-2421] CWE-89 - Score 10.0 #4509

Status: Closed
Labels: documentation (Improvements or additions to documentation)

Description

Describe the bug
Security Issue

Auditjs output:

[1037/1198] - pkg:npm/socket.io@4.5.3 - 1 vulnerability found!
Vulnerability Title: [CVE-2022-2421] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ID: CVE-2022-2421
Description: Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.
CVSS Score: 10
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2022-2421
Reference: https://ossindex.sonatype.org/vulnerability/CVE-2022-2421?component-type=npm&component-name=socket.io&utm_source=auditjs&utm_medium=integration&utm_content=4.0.37

Sonar output:

socket.io@4.5.2 has vulnerabilities: * [CVE-2022-2421] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - Score 10.0 - https://ossindex.sonatype.org/vulnerability/CVE-2022-2421?component-type=npm&component-name=socket.io&utm_source=auditjs&utm_medium=integration&utm_content=4.0.22
