New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Critical vulnerability: Insufficient validation when decoding a Socket.IO packet #3823
Comments
yeah experienced the same thing. |
I've tried updating my Karma stack to |
6.4.1 is using the vulnerable socket.io i made a PR bumping it and waiting on it to get reviewed. |
I tried adding these two resolutions along with
|
I'm experiencing the same problem |
Any timeline on getting this PR merged? |
+1, waiting for the patch version... |
+1, waiting for the patch version... |
+1, we are also waiting for the patch version... |
+1, waiting for the patch version... |
Hello,
We are currently facing a critical vulnerability in our project that depends on karma.
GHSA-qm95-pgcg-qqfq
Steps to reproduce:
npm install
npm audit
Console message:
Thank you in advance.
The text was updated successfully, but these errors were encountered: