CVE-2023-38504

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 27, 2023

Updated: Aug 3, 2023

CWE ID 248

Summary

CVE-2023-38504 is a vulnerability affecting Sails, a real-time MVC Framework for Node.js. Prior to version 1.5.7, Sails apps are susceptible to a malicious virtual request that can cause the node process to crash. This issue has been rectified in the latest version, but as a temporary solution, users can disable the sockets hook and eliminate the `sails.io.js` client to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Sailsjs Sails

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sCSYbn
https://www.cve.org/CVERecord?id=CVE-2023-38504
https://nvd.nist.gov/vuln/detail/CVE-2023-38504

Back to Vulnerability Database

CVE-2023-38504

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations