{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T00:19:14.430","vulnerabilities":[{"cve":{"id":"CVE-2024-38355","sourceIdentifier":"security-advisories@github.com","published":"2024-06-19T20:15:11.180","lastModified":"2026-06-17T07:39:58.987","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `socket.io@4.6.2` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the \"error\" event to catch these errors.\n"},{"lang":"es","value":"Socket.IO es un framework de comunicación de código abierto, en tiempo real, bidireccional y basado en eventos. Un paquete Socket.IO especialmente manipulado puede desencadenar una excepción no capturada en el servidor Socket.IO, matando así el proceso Node.js. Este problema se solucionó mediante el commit `15af22fc22` que se incluyó en `socket.io@4.6.2` (publicado en mayo de 2023). La corrección también se retroportó (backport) a la rama 2.x con el commit `d30630ba10`. Se recomienda a los usuarios que actualicen. 
Los usuarios que no puedan actualizar pueden registrar un listener para el evento \"error\" con el fin de capturar estos errores."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"socketio","product":"socket.io","versions":[{"version":"< 2.5.1","status":"affected"},{"version":">= 3.0.0,< 4.6.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"socket","product":"socket.io","defaultStatus":"unknown","cpes":["cpe:2.3:a:socket:socket.io:*:*:*:*:*:node.js:*:*"],"versions":[{"version":"0","lessThan":"2.5.1","versionType":"custom","status":"affected"},{"version":"3.0.0","lessThan":"4.6.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-03T15:54:14.198687Z","id":"CVE-2024-38355","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA 
Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-754"}]}],"references":[{"url":"https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115","source":"security-advisories@github.com"},{"url":"https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c","source":"security-advisories@github.com"},{"url":"https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj","source":"security-advisories@github.com"},{"url":"https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.vicarius.io/vsociety/posts/unhandled-exception-in-socketio-cve-2024-38355","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}