Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] DOS vulnerability in ws module required by engine.io module #3109

Closed
1 of 2 tasks
jdforsythe opened this issue Nov 8, 2017 · 3 comments
Closed
1 of 2 tasks

[Security] DOS vulnerability in ws module required by engine.io module #3109

jdforsythe opened this issue Nov 8, 2017 · 3 comments

Comments

@jdforsythe
Copy link

Note: for support questions, please use one of these channels: stackoverflow or slack

You want to:

  • report a bug
  • request a feature

Current behaviour

Dependency downstream on ws module

socketio/engine.io#542
https://nodesecurity.io/advisories/550

Steps to reproduce (if the current behaviour is a bug)

Note: the best way to get a quick answer is to provide a failing test case, by forking the following fiddle for example.

Expected behaviour

Setup

  • OS:
  • browser:
  • socket.io version: 2.0.4

Other information (e.g. stacktraces, related issues, suggestions how to fix)

Update to a version of socketio/engine.io with socketio/engine.io#542 fixed
@hello2dj
Copy link

like this

socket io

@JREAM
Copy link

JREAM commented Nov 10, 2017

temporary work-around since this is 2 days old from posting.
touch .nsprc

{
  "exceptions":  ["https://nodesecurity.io/advisories/550"]
}

@darrachequesne
Copy link
Member

Closed by socketio/engine.io#543 and released as 3.1.4. Sorry for the delay!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@JREAM @jdforsythe @hello2dj @darrachequesne