Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/engine.io-client@0.8.1
Typenpm
Namespace
Nameengine.io-client
Version0.8.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.6.9
Latest_non_vulnerable_version1.6.9
Affected_by_vulnerabilities
0
url VCID-una8-r1gw-yfgy
vulnerability_id VCID-una8-r1gw-yfgy
summary 
Improper Certificate Validation
`engine.io-client` is the client for `engine.io`, the implementation of a transport-based `cross-browser/cross-device` bi-directional communication layer for `Socket.IO.` The vulnerability is related to the way that Node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10536
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45216
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10536
1
reference_url https://github.com/socketio/engine.io-client/commit/2c55b278a491bf45313ecc0825cf800e2f7ff5c1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/socketio/engine.io-client/commit/2c55b278a491bf45313ecc0825cf800e2f7ff5c1
2
reference_url https://www.cigital.com/blog/node-js-socket-io
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.cigital.com/blog/node-js-socket-io
3
reference_url https://www.cigital.com/blog/node-js-socket-io/
reference_id
reference_type
scores
url https://www.cigital.com/blog/node-js-socket-io/
4
reference_url https://www.npmjs.com/advisories/99
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/99
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10536
reference_id CVE-2016-10536
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10536
6
reference_url https://github.com/advisories/GHSA-4r4m-hjwj-43p8
reference_id GHSA-4r4m-hjwj-43p8
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4r4m-hjwj-43p8
fixed_packages
0
url pkg:npm/engine.io-client@1.6.9
purl pkg:npm/engine.io-client@1.6.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/engine.io-client@1.6.9
aliases CVE-2016-10536, GHSA-4r4m-hjwj-43p8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-una8-r1gw-yfgy
1
url VCID-yc5d-8y5k-bfg6
vulnerability_id VCID-yc5d-8y5k-bfg6
summary 
Insecure Defaults Allow MITM Over TLS
There's a flaw in the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client passes in an object for settings that includes the `rejectUnauthorized` property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off.
references
0
reference_url https://github.com/socketio/engine.io-client/commit/2c55b278a491bf45313ecc0825cf800e2f7ff5c1
reference_id
reference_type
scores
url https://github.com/socketio/engine.io-client/commit/2c55b278a491bf45313ecc0825cf800e2f7ff5c1
1
reference_url https://www.cigital.com/blog/node-js-socket-io/
reference_id
reference_type
scores
url https://www.cigital.com/blog/node-js-socket-io/
fixed_packages
0
url pkg:npm/engine.io-client@1.6.9
purl pkg:npm/engine.io-client@1.6.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/engine.io-client@1.6.9
aliases GMS-2016-31
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yc5d-8y5k-bfg6
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/engine.io-client@0.8.1