CVE-2024-38355 – Denial of Service in socket.io Notifications

Severity: Low

Date: 2025-08-05


Abstract

A vulnerability in the socket.io framework could allow a specially crafted packet to crash the Node.js server process due to an uncaught exception. This denial-of-service (DoS) vulnerability is tracked as CVE-2024-38355 and was resolved in socket.io version 4.6.2.

Oxygen Content Fusion uses socket.io to support real-time user notifications. This advisory clarifies the exposure and mitigation applied to prevent application-level service disruption.

Affected Products/Versions

Product                               Severity   Fixed Release Availability
Oxygen Content Fusion v7.1 and older  Low        Oxygen Content Fusion 7.1 build 2024100818

Mitigation

None

Detail

CVE-2024-38355

Severity: High

CVSS Score: 7.3

In vulnerable versions of socket.io, a specially crafted packet could lead to an uncaught error that causes the Node.js process to exit, interrupting real-time communication services.

This issue affected the notification subsystem in Oxygen Content Fusion. If triggered, the attack would temporarily disable real-time updates until the notification server was restarted.

Starting with Oxygen Content Fusion 7.1 build 2024100818, the vulnerability was mitigated by updating socket.io to version 4.6.2.
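As an added example (not part of this advisory, and not Oxygen Content Fusion or socket.io project code), the following Node.js script walks the JSON tree that `npm ls socket.io --json` prints and flags every copy of socket.io older than 4.6.2, the release that resolved CVE-2024-38355. It deliberately descends into nested dependencies, because a top-level upgrade can leave a transitive copy of the vulnerable version in place. The dependency tree, the package name `legacy-notifier` and the version numbers inside it are constructed for illustration.

```javascript
// Added example, not Oxygen or socket.io code. Audits an `npm ls socket.io --json`
// tree for copies of socket.io older than the release that fixed CVE-2024-38355.

const FIXED_VERSION = '4.6.2'; // first socket.io release with the fix (from the advisory)

// Parse "4.6.2", "v4.6.2", "^4.5.0" or "4.6.2-rc.1" into numeric parts plus an
// optional pre-release tag. Range prefixes are stripped: npm ls reports the
// resolved version, and only that matters for the audit.
function parseVersion(v) {
  const m = String(v).trim().match(/^[\^~>=<\sv]*(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].slice(1) : null };
}

// Returns -1, 0 or 1 like a comparator. A pre-release of a version sorts before
// the final release, so "4.6.2-rc.1" is still counted as unpatched.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.pre && !pb.pre) return -1;
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

function isPatched(version, fixed = FIXED_VERSION) {
  return compareVersions(version, fixed) >= 0;
}

// Recursively collect every socket.io node in the tree, recording the path of
// packages that pulled it in so the owner of a stale copy can be identified.
function findSocketIo(node, path = [], out = []) {
  const deps = (node && node.dependencies) || {};
  for (const [name, child] of Object.entries(deps)) {
    const here = [...path, `${name}@${child.version || '?'}`];
    if (name === 'socket.io' && child.version) {
      out.push({ path: here.join(' > '), version: child.version, patched: isPatched(child.version) });
    }
    findSocketIo(child, here, out);
  }
  return out;
}

function vulnerableCopies(tree) {
  return findSocketIo(tree).filter((entry) => !entry.patched);
}

// CONSTRUCTED sample tree in the shape npm ls produces: the top-level socket.io is
// patched, but a hypothetical "legacy-notifier" package still nests 4.5.4.
const SAMPLE_TREE = {
  name: 'notification-server',
  version: '1.0.0',
  dependencies: {
    'socket.io': { version: '4.7.5' },
    'legacy-notifier': {
      version: '2.0.0',
      dependencies: { 'socket.io': { version: '4.5.4' } },
    },
  },
};

// Stand-alone run: print one line per stale copy, e.g.
//   VULNERABLE legacy-notifier@2.0.0 > socket.io@4.5.4 (< 4.6.2)
for (const entry of vulnerableCopies(SAMPLE_TREE)) {
  console.log(`VULNERABLE ${entry.path} (< ${FIXED_VERSION})`);
}
```

To audit a real installation, replace `SAMPLE_TREE` with `JSON.parse` of the output of `npm ls socket.io --json` run in the application directory; an empty result from `vulnerableCopies` means every resolved copy is at or above 4.6.2.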
