Severity: moderate

    Insecure Default Configuration

    socket.io

    Overview

    Affected versions of socket.io ship with an insecure default CORS configuration: all domains are whitelisted by default.

    Remediation

    Update to version 2.4.0 or later.
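
An explicit origin allowlist is the opposite of the "all domains whitelisted" default described in the overview. The following is an added example, not code from the advisory or from socket.io itself. The hosts in `ALLOWED_ORIGINS` are constructed and the function names are hypothetical; the `(origin, callback)` shape is the function form that `io.origins()` accepts in socket.io 2.x.

```javascript
// Added example: exact-match origin allowlist (hypothetical names, constructed hosts).
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com:8443',
]);

// Normalise an Origin value to scheme://host[:port]; return null if unusable.
function normalizeOrigin(origin) {
  if (typeof origin !== 'string' || origin === '' || origin === 'null') return null;
  let url;
  try {
    url = new URL(origin);
  } catch (err) {
    return null; // not a parseable absolute URL (this includes a bare "*")
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  // A real Origin header carries no credentials, path, query or fragment.
  if (url.username || url.password) return null;
  if (url.pathname !== '/' || url.search || url.hash) return null;
  return url.origin; // host lower-cased, default port dropped
}

// Exact comparison only: no substring, prefix or suffix matching, so
// "https://app.example.com.evil.test" cannot pass as "app.example.com".
function isOriginAllowed(origin) {
  const normalized = normalizeOrigin(origin);
  return normalized !== null && ALLOWED_ORIGINS.has(normalized);
}

// Callback form (origin, callback). Missing or "null" origins are rejected;
// relax that deliberately if non-browser clients must connect.
function checkOrigin(origin, callback) {
  if (isOriginAllowed(origin)) return callback(null, true);
  return callback('origin not allowed', false);
}

// Wiring, assuming an existing socket.io 2.x server instance named `io`:
// io.origins(checkOrigin);
```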

    Advisory timeline

    1. Advisory Published: Feb 19th, 2021
    2. Reported by Anonymous: Feb 19th, 2021