Sails.Js · Sails.Js · CVE-2018-21036
**Name of the Vulnerable Software and Affected Versions**
Sails.js versions prior to 1.0.0-46
**Description**
The issue allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.
**Recommendations**
For versions prior to 1.0.0-46, update to version 1.0.0-46 or later to resolve the issue. As a temporary workaround, consider implementing a custom error handler in sails-hook-sockets to handle empty pathnames in WebSocket requests.