PT-2023-26484 · Node.Js · Sails
Thomasrinsma
·
Publicado
2023-07-27
·
Atualizado
2023-08-03
·
CVE-2023-38504
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Sails versions prior to 1.5.7
Description
Sails is a realtime MVC Framework for Node.js. An attacker can send a virtual request that will cause the node process to crash.
Recommendations
For versions prior to 1.5.7, update to version 1.5.7 to resolve the issue.
As a temporary workaround, consider disabling the sockets hook and removing the
sails.io.js client until the update is applied.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sails