CVE-2024-38355
CVSS 3.1 Score 7.3 of 10 (high)
Details
Published Jun 19, 2024
Updated: Jun 20, 2024
CWE ID 754
CWE ID 20
Summary
CVE-2024-38355 is a vulnerability affecting Socket.IO, an open-source real-time communication framework. A maliciously crafted packet can trigger an uncaught exception on the Socket.IO server, leading to the termination of the Node.js process. This issue has been resolved in version 4.6.2, released in May 2023, and commit `d30630ba10` in the 2.x branch. Upgrading to these versions is advised to mitigate this risk. Alternatively, users can add a listener for the "error" event to catch such errors.
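The "error" listener workaround relies on a Node.js rule: an `EventEmitter` that emits "error" with no listener registered throws instead of dispatching. The added example below (not Socket.IO code or code from this advisory) models that with a plain `EventEmitter` standing in for a connected socket. `makeSocket` and `reportFailure` are hypothetical names, and it assumes the failure is surfaced through the socket's "error" event, as the workaround implies.

```javascript
const { EventEmitter } = require("node:events");

// Stand-in for a per-connection socket object (hypothetical, not Socket.IO's class).
function makeSocket({ withErrorListener }) {
  const socket = new EventEmitter();
  socket.handled = [];
  if (withErrorListener) {
    // The workaround from the summary: every socket gets an "error" listener,
    // so a failure is delivered here instead of being thrown.
    socket.on("error", (err) => socket.handled.push(String(err)));
  }
  return socket;
}

// Models the library reporting a per-socket failure through the "error" event.
// Returns "handled" when a listener consumed it, otherwise the code of the
// exception that would propagate. In a real server nothing wraps this call in
// try/catch, so the exception is uncaught and the Node.js process exits.
function reportFailure(socket, detail) {
  try {
    socket.emit("error", detail);
    return "handled";
  } catch (err) {
    return err.code || err.name;
  }
}

// Constructed sample input: a non-Error detail value.
const detail = "constructed failure detail";

const unprotected = makeSocket({ withErrorListener: false });
const protectedSocket = makeSocket({ withErrorListener: true });

console.log("no listener  :", reportFailure(unprotected, detail));
console.log("with listener:", reportFailure(protectedSocket, detail));
console.log("listener saw :", protectedSocket.handled);
```

On a server that cannot be upgraded immediately, the listener has to be attached to each socket inside the connection handler, because a listener on one socket does not cover the others.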
Affected Products
- Socket.IO
Affected Vendors
- Socket