List: oss-security
Subject: [oss-security] CVE-2018-21036: Sails.js before v1.0.0-46 DoS
From: ali.of.south () keemail ! me
Date: 2020-07-18 22:24:26
Message-ID: MCZ-_KW--3-2 () keemail ! me
Hello,
Sails.js (https://sailsjs.com/) before v1.0.0-46 allows attackers to
cause a denial of service with a single request because there is no error handler in
sails-hook-sockets to handle an empty pathname in a WebSocket request.
[Affected Product Code Base]
Sails.js - < v1.0.0-46
sails-hook-sockets - < 1.5.5
[Attack Vectors]
To exploit the vulnerability, an attacker should make a request with a malformed URL to the socket.
[Reproducing]
1. Generate a default Sails app.
2. sails lift
3. Open the app in the browser.
4. Open the browser console.
5. Execute this code: io.socket.get('?').
[Reference]
- https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e
- https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44
- https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md
Thanks,
Ali Norouzi
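
An added example, not part of the original message and not code from Sails.js or sails-hook-sockets: a toy dispatcher showing how an unhandled empty pathname turns into a process-wide crash, next to a form that validates the path and answers with an error response. The route table, function names and status codes are assumptions made for the illustration.

```javascript
// Added illustration; not code from Sails.js or sails-hook-sockets.
// Every name below is hypothetical and the route table is constructed.
const routes = new Map([
  ['/user', () => ({ statusCode: 200, body: 'users' })],
]);

// Split "path?query" the way a simple router might; for '?' the path is ''.
function splitTarget(target) {
  const i = target.indexOf('?');
  return i === -1
    ? { path: target, query: '' }
    : { path: target.slice(0, i), query: target.slice(i + 1) };
}

// Fragile form: assumes the path always matches. match() returns null for an
// empty path, so indexing it throws a TypeError. Thrown from a socket event
// callback with no error handler, that exception is uncaught and ends the
// Node.js process, which is a denial of service for every connected client.
function fragileDispatch(target) {
  const { path } = splitTarget(target);
  const first = path.match(/^\/[^/]*/)[0];
  const handler = routes.get(first);
  return handler ? handler() : { statusCode: 404, body: 'not found' };
}

// Hardened form: reject malformed targets explicitly and turn any remaining
// exception into an error response instead of letting it escape the callback.
function safeDispatch(target) {
  try {
    if (typeof target !== 'string') {
      return { statusCode: 400, body: 'bad request' };
    }
    const { path } = splitTarget(target);
    const m = path.match(/^\/[^/]*/);
    if (m === null) {
      return { statusCode: 400, body: 'bad request' };
    }
    const handler = routes.get(m[0]);
    return handler ? handler() : { statusCode: 404, body: 'not found' };
  } catch (err) {
    return { statusCode: 500, body: 'internal error' };
  }
}
```

A regression test for the fixed versions can follow the same shape: send the empty-pathname request and assert that the server answers with an error and keeps serving later requests.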