3 matches found
CVE-2018-21036
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...
@balderdash/sails-edge (>=0.12.0-edge9 <=0.50.0), @fahslaj/test-1 (>=1.0.0 <=1.0.12) +96 more potentially affected by CVE-2018-21036 via sails-hook-sockets (>=0.12.3 <=1.4.3)
sails-hook-sockets NPM version =0.12.3, =0.12.0-edge9, =1.0.0, =1.1.8, =0.0.0, =0.0.0, =1.2.0, =1.2.26 - ctartist621-sails =0.12.3 and more Source cves: CVE-2018-21036 Source advisory: OSV:GHSA-F7F4-HQP2-7PRC...
CVE-2018-21036
CVE-2018-21036 affects Sails.js before v1.0.0-46. The root cause is a missing error handler in the sails-hook-sockets module to handle an empty pathname in a WebSocket request, which enables a denial of service with a single request. Public references reiterate the same description. No explicit r...