CVE-2018-21036
Summary
| CVE | CVE-2018-21036 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-21 14:15:00 UTC |
| Updated | 2020-07-23 12:57:00 UTC |
| Description | Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Define req.path for socket requests. · balderdashy/sails-hook-sockets@ff02114 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| oss-security - CVE-2018-21036: Sails.js before v1.0.0-46 DoS | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| sails/CHANGELOG.md at 56f8276f6501a144a03d1f0f28df4ccdb4ad82e2 · balderdashy/sails · GitHub | MISC | github.com | Third Party Advisory |
| Follow up to ff02114eaec090ee51db48435cc32d451662606e to ensure req.p… · balderdashy/sails-hook-sockets@0533a48 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 980750 Nodejs (npm) Security Update for sails-hook-sockets (GHSA-f7f4-hqp2-7prc)