{"containers":{"cna":{"affected":[{"product":"engine.io","vendor":"socketio","versions":[{"status":"affected","version":">= 4.0.0, < 4.1.2"},{"status":"affected","version":">= 5.0.0, < 5.2.1"},{"status":"affected","version":">= 6.0.0, < 6.1.1"}]}],"descriptions":[{"lang":"en","value":"Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who use dependent packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-754","description":"CWE-754: Improper Check for Unusual or Exceptional 
Conditions","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-06-13T23:06:11.000Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f"},{"tags":["x_refsource_MISC"],"url":"https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab"},{"tags":["x_refsource_MISC"],"url":"https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db"},{"tags":["x_refsource_MISC"],"url":"https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"},{"tags":["x_refsource_MISC"],"url":"https://github.com/socketio/engine.io/releases/tag/4.1.2"},{"tags":["x_refsource_MISC"],"url":"https://github.com/socketio/engine.io/releases/tag/5.2.1"},{"tags":["x_refsource_MISC"],"url":"https://github.com/socketio/engine.io/releases/tag/6.1.1"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20220209-0002/"}],"source":{"advisory":"GHSA-273r-mgr4-v34f","discovery":"UNKNOWN"},"title":"Uncaught Exception in engine.io","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2022-21676","STATE":"PUBLIC","TITLE":"Uncaught Exception in engine.io"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"engine.io","version":{"version_data":[{"version_value":">= 4.0.0, < 4.1.2"},{"version_value":">= 5.0.0, < 5.2.1"},{"version_value":">= 6.0.0, < 6.1.1"}]}}]},"vendor_name":"socketio"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. 
This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who use dependent packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}]},"references":{"reference_data":[{"name":"https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f","refsource":"CONFIRM","url":"https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f"},{"name":"https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab","refsource":"MISC","url":"https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab"},{"name":"https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db","refsource":"MISC","url":"https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db"},{"name":"https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c","refsource":"MISC","url":"https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"},{"name":"https://github.com/socketio/engine.io/releases/tag/4.1.2","refsource":"MISC","url":"https://github.com/socketio/engine.io/releases/tag/4.1.2"},{"name":"https://github.com/socketio/engine.io/releases/tag/5.2.1","refsource":"MISC","url
":"https://github.com/socketio/engine.io/releases/tag/5.2.1"},{"name":"https://github.com/socketio/engine.io/releases/tag/6.1.1","refsource":"MISC","url":"https://github.com/socketio/engine.io/releases/tag/6.1.1"},{"name":"https://security.netapp.com/advisory/ntap-20220209-0002/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20220209-0002/"}]},"source":{"advisory":"GHSA-273r-mgr4-v34f","discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T02:46:39.237Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/socketio/engine.io/commit/66f889fc1d966bf5bfa0de1939069153643874ab"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/socketio/engine.io/commit/a70800d7e96da32f6e6622804ef659ebc58659db"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/socketio/engine.io/commit/c0e194d44933bd83bf9a4b126fca68ba7bf5098c"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/socketio/engine.io/releases/tag/4.1.2"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/socketio/engine.io/releases/tag/5.2.1"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/socketio/engine.io/releases/tag/6.1.1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20220209-0002/"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-23T15:58:14.583594Z","id":"CVE-2022-21676","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP 
Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-23T19:13:15.800Z"}}]},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2022-21676","datePublished":"2022-01-12T18:25:15.000Z","dateReserved":"2021-11-16T00:00:00.000Z","dateUpdated":"2025-04-23T19:13:15.800Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}