Sails DoS vulnerability for apps with sockets enabled

Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

未捕获的异常

Sails.js 安全漏洞

Sails.js是美国Sails公司的一款基于Node.js的Web应用程序框架。 Sails.js 1.5.7 之前版本存在安全漏洞，该漏洞源于在Sails 应用程序中，攻击者可以发送虚拟请求，导致节点进程崩溃。

N/A

N/A