The socket.io-file package up to and including 2.0.31 for Node.js relies on client-side validation of file types, which allows remote malicious users to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
socket.io-file project socket.io-file |