| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2023-32695.patch | check the format of the event name A packet like '2[{"toString":"foo"}]' was decoded as: . { type: EVENT, data: [ { "toString": "foo" } ] } . Which would then throw an error when passed to the EventEmitter class: . > TypeError: Cannot convert object to primitive value > at Socket.emit (node:events:507:25) > at .../node_modules/socket.io/lib/socket.js:531:14 |
Damien Arrachequesne <damien.arrachequesne@gmail.com> | not-needed | upstream | upstream, https://github.com/socketio/socket.io-parser/commit/3b78117b | 2023-05-24 |