DoS vulnerability for apps with sockets enabled

High
eashaw published GHSA-gpw9-fwm8-7rx7 Jul 27, 2023

Package

sails (npm)

Affected versions

<1.5.7

Patched versions

1.5.7

Description

Impact

In Sails apps <=v1.5.6, an attacker can send a virtual request that causes the Node.js process to crash.

Patches

This behavior was fixed in Sails v1.5.7.

Workarounds

Disable the sockets hook and remove the sails.io.js client.
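
An added example (not part of the advisory or of the Sails project's code) that checks an app against the patched version and the workaround above. It assumes the sockets hook is loaded from the `sails-hook-sockets` dependency and can be switched off with `hooks.sockets: false` in `.sailsrc`; `assessApp`, its parameters and the sample data are hypothetical.

```javascript
// Added example: exposure check for GHSA-gpw9-fwm8-7rx7 (CVE-2023-38504).
const PATCHED = [1, 5, 7]; // first patched Sails release, per the advisory

// True when an installed Sails version is below 1.5.7. Unparseable versions and
// pre-releases of 1.5.7 itself are treated as affected until verified.
function isAffectedVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-.+)?$/.exec(String(version).trim());
  if (!m) return true;
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== PATCHED[i]) return parts[i] < PATCHED[i];
  }
  return Boolean(m[4]);
}

// Assumption: the hook is loaded from the sails-hook-sockets dependency unless
// .sailsrc sets hooks.sockets to false.
function socketsHookEnabled(pkg, sailsrc) {
  if (sailsrc && sailsrc.hooks && sailsrc.hooks.sockets === false) return false;
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.prototype.hasOwnProperty.call(deps, 'sails-hook-sockets');
}

// installedVersion: the resolved version (e.g. from node_modules/sails/package.json),
// not the semver range in package.json. files: relative paths of the app's assets.
function assessApp({ installedVersion, pkg, sailsrc, files }) {
  const affected = isAffectedVersion(installedVersion);
  const sockets = socketsHookEnabled(pkg, sailsrc);
  const clientFiles = files.filter((f) => f.split('/').pop() === 'sails.io.js');
  const actions = [];
  if (affected && sockets) actions.push('upgrade sails to 1.5.7 or later');
  if (affected && !sockets && clientFiles.length > 0) {
    actions.push('workaround incomplete: remove ' + clientFiles.join(', '));
  }
  return { affected, sockets, exposed: affected && sockets, actions };
}

// Constructed sample app (not taken from the advisory).
const sample = {
  installedVersion: '1.5.6',
  pkg: { dependencies: { sails: '^1.5.0', 'sails-hook-sockets': '^2.0.0' } },
  sailsrc: { hooks: { grunt: false } },
  files: ['assets/dependencies/sails.io.js', 'assets/js/app.js'],
};
console.log(assessApp(sample));
```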

References

#7287

Big thanks to @ThomasRinsma at Codean!

Severity

High

CVE ID

CVE-2023-38504
