CVE-2023-32695 doesn't affect version 4.0.2 #4721
Hi,

version 4.0.2 uses:

    return Array.isArray(payload) && typeof payload[0] === "string";

then this version isn't affected by this CVE.

cheers,
Answered by
darrachequesne
May 24, 2023
You are right, good catch 👍 I've updated the version range there: GHSA-cqmj-92xf-r6r9

socketio/socket.io-parser@1c220dd was released in version 4.0.4.

PR for the advisory database: github/advisory-database#2303