PT-2021-11544 · Socket.Io · Socket.Io
Ni8Walk3R · Published 2021-01-19 · Updated 2021-01-28 · CVE-2020-28481
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
socket.io versions prior to 2.4.0
Description:
The issue is an insecure default caused by a CORS misconfiguration: all domains are whitelisted by default.
Recommendations:
For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting CORS configuration to only allow specific domains.
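One way to implement the temporary workaround is an exact-match allow-list on the `Origin` header. The following is an added example, not code from this advisory or from socket.io; the host names and function names are constructed for illustration, and the comment on `originGate` notes how it would be wired into a socket.io 2.x server.

```javascript
// Added example: strict Origin allow-list check (not socket.io's own code).
// The entries below are constructed placeholder origins.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com:8443',
]);

// Reduce an Origin header value to canonical "scheme://host[:port]".
// Returns null for anything that is not a plain http(s) origin.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 2048) {
    return null;
  }
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return null; // unparseable input, including the literal "null" origin
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  // A real Origin header has no credentials, query, fragment or path beyond "/".
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== '/') return null;
  return url.origin; // host lower-cased, default port dropped
}

// Exact match only: no substring, suffix or regex comparison, so
// "app.example.com.evil.test" cannot pass for "app.example.com".
function isOriginAllowed(value) {
  const origin = normalizeOrigin(value);
  return origin !== null && ALLOWED_ORIGINS.has(origin);
}

// Adapter in the (origin, callback) shape that a socket.io 2.x server
// accepts through io.origins(fn). Missing or unlisted origins are denied.
function originGate(origin, callback) {
  if (isOriginAllowed(origin)) return callback(null, true);
  return callback('origin not allowed', false);
}
```

Scheme and port are part of the comparison, so `http://app.example.com` and `https://admin.example.com` (without `:8443`) are rejected even though their host names are on the list.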
Exploit
Fix
Origin Validation Error
Affected Products
Socket.Io