CVE-2017-16031

NONE EPSS 78.3%
Published Jun 4, 2018 · Last Modified Jun 17, 2026

Description

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.

Threat Intelligence

EPSS Exploit Probability
78.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-330

Affected Products 1

| Vendor | Product | Version | Range |
|--------|-----------|---------|--------|
| socket | socket.io | * | ≤0.9.6 |

References 4

  • github.com https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8
    Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/socketio/socket.io/issues/856
    Issue Tracking, Third Party Advisory
  • github.com https://github.com/socketio/socket.io/pull/857
    Issue Tracking, Third Party Advisory
  • nodesecurity.io https://nodesecurity.io/advisories/321
    Third Party Advisory

Remediation

  • github.com https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8
    Issue Tracking, Patch, Third Party Advisory