CVE-2020-28481
Published
CVSS v3
5.3
MEDIUM
CVSS v2
4
MEDIUM
Affected
1
PROJECT
Description
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
GitHub