Uncaught Exception
CVE-2023-32695
Summary
A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue affects socket.io-parser versions 3.1.3 prior to 3.4.3, and 4.0.0 prior 4.2.3
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-248 - Uncaught Exception
An exception is thrown from a function, but it is not caught.
References
Advisory Timeline
- Published