PT-2023-22800 · Nodebb · Nodebb

Creastery +1
Published 2023-09-28 · Updated 2023-10-02
CVE-2023-30591
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: NodeBB versions <= 2.8.10

Description: An unauthenticated attacker can crash NodeBB by sending a crafted Socket.IO message whose event name is an array or an object instead of a string. While processing the message, NodeBB calls eventName.startsWith() and eventName.toString() on the untrusted value: with an array the startsWith() call fails, with an object the toString() call fails, and the unhandled exception crashes the application (denial of service). No authentication or user interaction is required.

Recommendations: For NodeBB versions <= 2.8.10, update to a version greater than 2.8.10 (2.8.11 or later), which resolves the issue. Until the update is applied, restrict who can send Socket.IO messages to the instance (for example, by limiting access to the Socket.IO endpoint to trusted clients), and reject any Socket.IO message whose event name is not a string before it reaches NodeBB's event handlers.
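The following is an added example, not NodeBB's code and not part of the advisory: a simplified event dispatcher written in the style the description names (string methods called directly on an untrusted Socket.IO event name) beside a type-checked version that rejects array and object names instead of throwing. The function names (dispatchUnchecked, dispatchChecked, eventNameGuard, tryDispatch) and the sample event names are hypothetical and constructed for the demonstration; the guard is shaped like a socket.io `socket.use((packet, next) => ...)` middleware, where `packet[0]` is the event name.

```javascript
// Added example, not NodeBB's code: a dispatcher in the vulnerable style the
// advisory describes, next to a type-checked version. All names are hypothetical.

// Vulnerable style: assumes eventName is a string. An array or a plain object has
// no .startsWith, so the call throws a TypeError; a prototype-less object also
// lacks .toString. Uncaught in a Socket.IO handler, such an exception crashes the
// Node.js process, which is the denial of service the advisory describes.
function dispatchUnchecked(eventName, handlers) {
  if (eventName.startsWith('admin.')) {
    return { routed: 'admin', name: eventName.toString() };
  }
  const handler = handlers[eventName.toString()];
  return handler ? handler(eventName) : { error: 'unknown event', name: eventName };
}

// Hardened: check the type (and a sane length) before any string method runs.
function isValidEventName(eventName) {
  return typeof eventName === 'string'
    && eventName.length > 0
    && eventName.length <= 256;
}

function dispatchChecked(eventName, handlers) {
  if (!isValidEventName(eventName)) {
    const type = Array.isArray(eventName) ? 'array' : typeof eventName;
    return { error: 'invalid event name', type };
  }
  return dispatchUnchecked(eventName, handlers);
}

// Shaped like a socket.io `socket.use((packet, next) => ...)` middleware:
// packet[0] is the event name. Rejecting here keeps a bad name out of every
// handler registered on the socket.
function eventNameGuard(packet, next) {
  if (!Array.isArray(packet) || !isValidEventName(packet[0])) {
    return next(new Error('rejected: event name must be a non-empty string'));
  }
  return next();
}

// Runs a dispatcher the way an unguarded server would and reports whether it threw.
function tryDispatch(dispatch, eventName, handlers) {
  try {
    return { ok: true, result: dispatch(eventName, handlers) };
  } catch (err) {
    return { ok: false, error: err.constructor.name, message: err.message };
  }
}

// Constructed sample event names: two normal strings, the two shapes the advisory
// names (array and object), and a prototype-less object with no .toString at all.
const SAMPLE_EVENT_NAMES = [
  'topics.get',
  'admin.config.get',
  ['topics', 'get'],
  { event: 'topics.get' },
  Object.assign(Object.create(null), { event: 'topics.get' }),
];

const SAMPLE_HANDLERS = {
  'topics.get': () => ({ routed: 'topics.get' }),
};

// Runs both dispatchers over the samples; returns one row per input.
function compareDispatchers(names = SAMPLE_EVENT_NAMES, handlers = SAMPLE_HANDLERS) {
  return names.map((name) => ({
    input: Array.isArray(name) ? 'array' : typeof name,
    unchecked: tryDispatch(dispatchUnchecked, name, handlers),
    checked: tryDispatch(dispatchChecked, name, handlers),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const row of compareDispatchers()) {
    console.log(row.input.padEnd(7),
      'unchecked:', row.unchecked.ok ? 'ok' : `THREW ${row.unchecked.error}`,
      '| checked:', row.checked.ok ? JSON.stringify(row.checked.result) : 'THREW');
  }
}
```

Running the block prints one line per sample: the string names route normally through both dispatchers, while the array, object and prototype-less inputs throw a TypeError in the unchecked dispatcher and come back as a controlled `invalid event name` result from the checked one. The type check is deliberately placed before any string method, since `startsWith` and `toString` are exactly the calls that fail on non-string input.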

Tags: Fix · DoS
Weakness Enumeration: Improper Check for Exceptional Conditions (CWE-754)
Related Identifiers: CVE-2023-30591
Affected Products: Nodebb