socketio / engine.io-client

The engine used in the Socket.IO JavaScript client, which manages the low-level transports such as HTTP long-polling, WebSocket and WebTransport.

https://socket.io

parsejson v0.0.3 has ReDoS vulnerable. see https://nodesecurity.io/advisories/528

yosuke-furukawa opened this issue 7 years ago · comments

Yosuke Furukawa commented 7 years ago

Note: for support questions, please use one of these channels: stackoverflow or slack

https://nodesecurity.io/advisories/528

You want to:

report a bug
request a feature

Current behaviour

fail nsp check.

Steps to reproduce (if the current behaviour is a bug)

run nsp.

Expected behaviour

pass nsp check.

Setup

OS: n/a
browser: n/a
engine.io version: v3.1.1

Other information (e.g. stacktraces, related issues, suggestions how to fix)

https://nodesecurity.io/advisories/528

Damien Arrachequesne commented 7 years ago

Closed by #580.