CVE-2018-21036

Name of the Vulnerable Software and Affected Versions Sails.js versions prior to 1.0.0-46

Description The issue allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.

Recommendations For versions prior to 1.0.0-46, update to version 1.0.0-46 or later to resolve the issue. As a temporary workaround, consider implementing a custom error handler in sails-hook-sockets to handle empty pathnames in WebSocket requests.