CVE-2018-21036

Published: Jul 21, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e

x_refsource_MISC

https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44

x_refsource_MISC

https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md

x_refsource_MISC

[oss-security] 20200719 CVE-2018-21036: Sails.js before v1.0.0-46 DoS

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-21036

Description

Affected Products

References