The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44430.json"