Lucene search

[email protected]NVD:CVE-2023-38504

HistoryJul 27, 2023 - 7:15 p.m.

CVE-2023-38504

2023-07-2719:15:10

CWE-248

[email protected]

web.nvd.nist.gov

sails

node.js

mvc

framework

vulnerability

version 1.5.7

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.2%

JSON

Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the sails.io.js client.

Affected configurations

Nvd

Node

sailsjssailsRange<1.5.7node.js

VendorProductVersionCPE
sailsjssails*cpe:2.3:a:sailsjs:sails:*:*:*:*:*:node.js:*:*

Vendor	Product	Version	CPE
sailsjs	sails	*	cpe:2.3:a:sailsjs:sails::::::node.js::*

References

github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d

github.com/balderdashy/sails/pull/7287

github.com/balderdashy/sails/releases/tag/v1.5.7

github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.2%

JSON

Related for NVD:CVE-2023-38504

cve1 prion1 osv2 cvelist1 github1 veracode1