Socket.Io · Socket.Io · CVE-2020-28481
Name of the Vulnerable Software and Affected Versions:
socket.io versions prior to 2.4.0
Description:
The issue is related to Insecure Defaults due to CORS Misconfiguration, where all domains are whitelisted by default.
Recommendations:
For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting CORS configuration to only allow specific domains.