List:       oss-security
Subject:    [oss-security] CVE-2018-21036: Sails.js before v1.0.0-46 DoS
From:       ali.of.south () keemail ! me
Date:       2020-07-18 22:24:26
Message-ID: MCZ-_KW--3-2 () keemail ! me

Hello,

Sails.js (https://sailsjs.com/) before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.

[Affected Product Code Base]
Sails.js - < v1.0.0-46
sails-hook-sockets - < 1.5.5

[Attack Vectors]
To exploit the vulnerability, an attacker makes a request with a malformed URL to the socket.

[Reproducing]
1. generate a default sails app.
2. sails lift
3. open app in the browser.
4. open the browser console.
5. execute this code: io.socket.get('?').

[Reference]
- https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e
- https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44
- https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md


Thanks,
Ali Norouzi


