GHSA-r2gr-fhmr-66c5: Duplicate Advisory: "Arbitrary code execution in socket.io-file"

May 10, 2021 (updated January 22, 2026)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-6495-8jvh-f28x. This link is maintained to preserve external references.

Original Description

“The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.”

References

github.com/advisories/GHSA-6495-8jvh-f28x
github.com/advisories/GHSA-r2gr-fhmr-66c5
github.com/rico345100/socket.io-file
nvd.nist.gov/vuln/detail/CVE-2020-24807
www.npmjs.com/advisories/1564
www.npmjs.com/package/socket.io-file

Code Behaviors & Features

Detect and mitigate GHSA-r2gr-fhmr-66c5 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →