AZL-44820

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44820.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-44820

Upstream

CVE-2022-41940

Published

2022-11-22T01:15:37Z

Modified

2026-04-21T04:31:31.083763Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2022-41940 affecting package js-jquery 3.5.0-4

Details

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-41940

Affected packages

Azure Linux:3 / js-jquery

Package

Name: js-jquery
Purl: pkg:rpm/azure-linux/js-jquery

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.5.0-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-44820.json"