engine.io@4.1.0 vulnerabilities

The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server

latest version

6.5.4
latest non vulnerable version

6.5.4
first published

12 years ago
latest version published

5 months ago
licenses detected
- MIT
  >=0
View engine.io package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the engine.io package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Denial of Service (DoS) engine.io is a realtime engine behind Socket.IO. It provides the foundation of a bidirectional connection between client and server Affected versions of this package are vulnerable to Denial of Service (DoS). A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the `Node.js` process. How to fix Denial of Service (DoS)? Upgrade `engine.io` to version 3.6.1, 6.2.1 or higher.	<3.6.1 >=4.0.0 <6.2.1
H Uncaught Exception engine.io is a realtime engine behind Socket.IO. It provides the foundation of a bidirectional connection between client and server Affected versions of this package are vulnerable to Uncaught Exception by sending a specially crafted HTTP request, that triggers an uncaught exception and kills the `Node.js` process that runs an Engine.IO or a Socket.IO server. How to fix Uncaught Exception? Upgrade `engine.io` to version 4.1.2, 5.2.1, 6.1.1 or higher.	>=4.0.0 <4.1.2 >=5.0.0 <5.2.1 >=6.0.0 <6.1.1

Denial of Service (DoS)

engine.io is a realtime engine behind Socket.IO. It provides the foundation of a bidirectional connection between client and server

Affected versions of this package are vulnerable to Denial of Service (DoS). A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process.

How to fix Denial of Service (DoS)?

Upgrade engine.io to version 3.6.1, 6.2.1 or higher.

<3.6.1 >=4.0.0 <6.2.1

Uncaught Exception

engine.io is a realtime engine behind Socket.IO. It provides the foundation of a bidirectional connection between client and server

Affected versions of this package are vulnerable to Uncaught Exception by sending a specially crafted HTTP request, that triggers an uncaught exception and kills the Node.js process that runs an Engine.IO or a Socket.IO server.

How to fix Uncaught Exception?

Upgrade engine.io to version 4.1.2, 5.2.1, 6.1.1 or higher.

>=4.0.0 <4.1.2 >=5.0.0 <5.2.1 >=6.0.0 <6.1.1

Go back to all versions of this package

engine.io@4.1.0 vulnerabilities

The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities