CVE-2017-16031

Name of the Vulnerable Software and Affected Versions: socket.io versions 0.9.6 and earlier

Description: The issue concerns the predictability of socket IDs in socket.io, which are generated using Math.random(). This predictability allows an attacker to guess the socket ID, potentially gaining unauthorized access to socket.io servers and obtaining sensitive information.

Recommendations: Update to v0.9.7 or later.