Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
socket.io-file project socket.io-file vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-24807
The socket.io-file package up to and including 2.0.31 for Node.js relies on client-side validation of file types, which allows remote malicious users to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects pr...
Socket.io-file Project Socket.io-file
5
CVSSv2
CVE-2020-15779
A Path Traversal issue exists in the socket.io-file package up to and including 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.
Socket.io-file Project Socket.io-file
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started