{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T06:02:26.763","vulnerabilities":[{"cve":{"id":"CVE-2022-2421","sourceIdentifier":"csirt@divd.nl","published":"2022-10-26T10:15:16.780","lastModified":"2026-02-06T11:30:45.227","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object."},{"lang":"es","value":"Debido a una incorrecta comprobación de tipos en el análisis de archivos adjuntos de la biblioteca js Socket.io, es posible sobrescribir el objeto _placeholder, lo que permite a un atacante colocar referencias a funciones en lugares arbitrarios en el objeto de consulta resultante"}],"metrics":{"cvssMetricV31":[{"source":"csirt@divd.nl","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"csirt@divd.nl","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*","versionEndExcluding":"3.3.3","matchCriteriaId":"A71164DE-F49F-4BB6-8F5B-B3F1CAF74021"},{"vulnerable":true,"criteria":"cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.2","matchCriteriaId":"341DC336-DDBF-4EB8-BD8C-39427AABD9E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.5","matchCriteriaId":"09139258-15B4-4ABF-B211-21A4BD80B123"},{"vulnerable":true,"criteria":"cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.2.1","matchCriteriaId":"D9EC7F6F-846D-4F2B-B808-8C90894EC0C0"}]}]}],"references":[{"url":"https://csirt.divd.nl/CVE-2022-2421","source":"csirt@divd.nl","tags":["Third Party Advisory"]},{"url":"https://csirt.divd.nl/DIVD-2022-00045","source":"csirt@divd.nl","tags":["Third Party Advisory"]},{"url":"https://csirt.divd.nl/CVE-2022-2421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://csirt.divd.nl/DIVD-2022-00045","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}