Uncaught Exception

CVE-2023-38504

High

7.5/10

Summary

Sails is a real-time MVC Framework for Node.js. Sails apps in versions prior to 1.5.7, an attacker can send a virtual request that will cause the node process to crash. As a workaround, disable the sockets hook and remove the "sails.io.js" client.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-248 - Uncaught Exception

An exception is thrown from a function, but it is not caught.

References

Advisory
Release Note
Pull request

Advisory Timeline

Published Jul 27, 2023

Uncaught Exception

CVE-2023-38504

Summary

CWE-248 - Uncaught Exception

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS