oss-sec mailing list archives
CVE-2018-21036: Sails.js before v1.0.0-46 DoS
From: ali.of.south () keemail me
Date: Sun, 19 Jul 2020 00:24:26 +0200 (CEST)
Hello,

Sails.js (https://sailsjs.com/) before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.

[Affected Product Code Base]
Sails.js - < v1.0.0-46
sails-hook-sockets - < 1.5.5

[Attack Vectors]
To exploit the vulnerability, an attacker should make a request with a malformed URL to the socket.

[Reproducing]
1. Generate a default sails app.
2. sails lift
3. Open the app in the browser.
4. Open the browser console.
5. Execute this code: io.socket.get('?').

[Reference]
- https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e
- https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44
- https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md

Thanks,
Ali Norouzi
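
A check for the affected ranges listed in the advisory, as an added example that is not part of the original post or of the Sails project's code. The fixed-in version 1.0.0-46 is a SemVer prerelease, so it has to be compared with prerelease precedence rather than as a plain string. The names `FIXED_IN`, `parse`, `compare` and `audit` are hypothetical, and the input is assumed to be a map of resolved versions such as a lockfile would give.

```javascript
// Fixed-in versions as stated in the advisory above.
const FIXED_IN = { 'sails': '1.0.0-46', 'sails-hook-sockets': '1.5.5' };

// Split "1.0.0-46+build" into its numeric core and prerelease identifiers.
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(version).trim());
  if (!m) return null;
  return { core: [m[1], m[2], m[3]].map(Number), pre: m[4] ? m[4].split('.') : [] };
}

// SemVer 2.0.0 precedence: negative if a < b, 0 if equal, positive if a > b.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  }
  // A release outranks any prerelease of the same core version.
  if (!a.pre.length || !b.pre.length) return b.pre.length - a.pre.length;
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    const x = a.pre[i], y = b.pre[i];
    if (x === undefined) return -1; // shorter prerelease list sorts first
    if (y === undefined) return 1;
    if (x === y) continue;
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn && Number(x) !== Number(y)) return Number(x) - Number(y);
    if (xn !== yn) return xn ? -1 : 1; // numeric identifiers sort before alphanumeric
    if (!xn) return x < y ? -1 : 1;
  }
  return 0;
}

// Report the status of each advisory package found in a name -> version map.
function audit(installed) {
  const findings = [];
  for (const [name, fixed] of Object.entries(FIXED_IN)) {
    if (!(name in installed)) continue;
    const have = parse(installed[name]);
    const status = !have ? 'unparseable' : compare(have, parse(fixed)) < 0 ? 'affected' : 'fixed';
    findings.push({ name, version: installed[name], status });
  }
  return findings;
}

// Constructed sample input (not from the advisory).
const sample = { 'sails': '1.0.0-45', 'sails-hook-sockets': '1.5.5', 'lodash': '4.17.21' };
console.log(audit(sample));
```

Range specifiers such as `^1.0.0` are reported as `unparseable` and need to be resolved to an installed version first.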