
socket.io-parser


Comparing version 3.3.1 to 3.3.2

8

CHANGELOG.md

@@ -0,2 +1,10 @@

## [3.3.2](https://github.com/Automattic/socket.io-parser/compare/3.3.1...3.3.2) (2021-01-09)
### Bug Fixes
* prevent DoS (OOM) via massive packets ([#95](https://github.com/Automattic/socket.io-parser/issues/95)) ([89197a0](https://github.com/Automattic/socket.io-parser/commit/89197a05c43b18cc4569fd178d56e7bb8f403865))
## [3.3.1](https://github.com/socketio/socket.io-parser/compare/3.3.0...3.3.1) (2020-09-30)

17

index.js

@@ -289,7 +289,5 @@

if (exports.BINARY_EVENT === p.type || exports.BINARY_ACK === p.type) {
var buf = '';
while (str.charAt(++i) !== '-') {
buf += str.charAt(i);
if (i == str.length) break;
}
var start = i + 1;
while (str.charAt(++i) !== '-' && i != str.length) {}
var buf = str.substring(start, i);
if (buf != Number(buf) || str.charAt(i) !== '-') {

@@ -303,9 +301,9 @@ throw new Error('Illegal attachments');

if ('/' === str.charAt(i + 1)) {
p.nsp = '';
var start = i + 1;
while (++i) {
var c = str.charAt(i);
if (',' === c) break;
p.nsp += c;
if (i === str.length) break;
}
p.nsp = str.substring(start, i);
} else {

@@ -318,3 +316,3 @@ p.nsp = '/';

if ('' !== next && Number(next) == next) {
p.id = '';
var start = i + 1;
while (++i) {

@@ -326,6 +324,5 @@ var c = str.charAt(i);

}
p.id += str.charAt(i);
if (i === str.length) break;
}
p.id = Number(p.id);
p.id = Number(str.substring(start, i + 1));
}
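Review bot: The attachment-count check kept in the first index.js hunk, `if (buf != Number(buf) || str.charAt(i) !== '-')`, relies on loose equality, so a `buf` that is empty or written in exponent or hex notation still compares equal to its numeric value and is accepted as a count. Since this release is about bounding what an untrusted packet can make the decoder do, the count should be restricted to plain decimal digits, e.g. `if (!/^\d+$/.test(buf) || str.charAt(i) !== '-') {` (use `\d*` if an empty count has to stay valid), and presumably capped before it is used, though the consumer of the count is not visible here. The same loose `Number(next) == next` test guards the id branch, where `Number(str.substring(start, i + 1))` can lose precision or yield `Infinity` for a very long digit run. The enclosing function starts and ends outside the shown hunks.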

@@ -332,0 +329,0 @@

{
"name": "socket.io-parser",
"version": "3.3.1",
"version": "3.3.2",
"description": "socket.io protocol parser",

@@ -5,0 +5,0 @@ "repository": {
