2 matches found
@balderdash/sails-edge (>=0.12.0-edge9 <=0.50.0), @fahslaj/test-1 (>=1.0.0 <=1.0.12) +96 more potentially affected by CVE-2018-21036 via sails-hook-sockets (>=0.12.3 <=1.4.3)
sails-hook-sockets NPM version =0.12.3, =0.12.0-edge9, =1.0.0, =1.1.8, =0.0.0, =0.0.0, =1.2.0, =1.2.26; ctartist621-sails =0.12.3 and more. Source CVEs: CVE-2018-21036. Source advisory: OSV:GHSA-F7F4-HQP2-7PRC...
Denial Of Service (DoS)
sails-hook-sockets is vulnerable to denial of service (DoS). An attacker can send a WebSocket request with an empty string for the URL pathname variable to trigger an application crash, as the error was not handled...