bcaller/kill-engine-io

Releases0

Stars7

DoS python-engineio / socketio via the long polling transport

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-36048 ↗	Jan 8, 2021Friday, 8 January 2021, 00:15	7.5 HIGH	5 MEDIUM
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
CVE-2020-36049 ↗	Jan 8, 2021Friday, 8 January 2021, 00:15	7.5 HIGH	5 MEDIUM
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.