Socket.io zero-day exploited in the wild (CVE-2020-24807)

Vulnerability is in socket.io-file. Package is downloaded about 500 times a week. The more popular socket.io is not dependant.