Published: 27/07/2023 Updated: 03/08/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sailsjs sails

bdragon-org/dependabot-create-pull-requests-from-rules-2 Dependabot security updates: disabled Dependabot alerts: enabled Alert rules: Dismiss low-moderate alerts for npm dev dependencies Dismiss until patch then open PR for npm runtime dependencies Manifest files: packagejson package-lockjson dependency advisory severity affected patched rule expect PR? sails CVE-

NVD-CWE-noinfo https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7 https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d https://github.com/balderdashy/sails/releases/tag/v1.5.7 https://github.com/balderdashy/sails/pull/7287 https://nvd.nist.gov https://github.com/bdragon-org/dependabot-create-pull-requests-from-rules-2

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-38504

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect