Skip to content

Insecure defaults due to CORS misconfiguration in socket.io

Moderate severity GitHub Reviewed Published Jan 20, 2021 • Updated Jan 29, 2021

Package

npm socket.io (npm)

Affected versions

< 2.4.0

Patched versions

2.4.0

Description

Severity

Moderate

CVE ID

CVE-2020-28481

GHSA ID

GHSA-fxwf-4rqh-v8g3

Source code

No known source code
Checking history
See something to contribute? Suggest improvements for this vulnerability.