Описание
Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the sails.io.js client.
Ссылки
- Patch
- Issue Tracking
- Release Notes
- Vendor Advisory
- Patch
- Issue Tracking
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.7 (исключая)
cpe:2.3:a:sailsjs:sails:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 45%
0.00225
Низкий
7.5 High
CVSS3
Дефекты
CWE-248
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
DoS vulnerability for apps with sockets enabled
EPSS
Процентиль: 45%
0.00225
Низкий
7.5 High
CVSS3
Дефекты
CWE-248
NVD-CWE-noinfo