icon

We found results for “

WS-2020-0173

Good to know:

icon

Date: October 2, 2020

socket.io-file through 2.0.31 is vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the 'name' value to upload any file types.

Language: JS

Severity Score

Severity Score

Top Fix

icon

Upgrade Version

No fix version available

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privilegs Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): HIGH

Do you need more information?

Contact Us