2 matches found
CVE-2023-38504
Sails (Node.js) CVE-2023-38504 affects apps before v1.5.7. An attacker could send a virtual request that crashes the node process, enabling a Denial of Service. The issue is fixed in v1.5.7. As a workaround, disable the sockets hook and remove the sails.io.js client.
CVE-2018-21036
CVE-2018-21036 affects Sails.js before v1.0.0-46. The root cause is a missing error handler in the sails-hook-sockets module to handle an empty pathname in a WebSocket request, which enables a denial of service with a single request. Public references reiterate the same description. No explicit r...