CVE-2018-21036
- Source
- https://cve.org/CVERecord?id=CVE-2018-21036
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-21036.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-21036
- Aliases
- Published
- 2020-07-21T14:15:13.067Z
- Modified
- 2026-04-10T04:10:09.728468Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.
- References
-
- http://www.openwall.com/lists/oss-security/2020/07/19/1
- https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md
- https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44
- https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e
Affected packages
Git / github.com/balderdashy/sails
Affected ranges
- Type
- GIT
- Repo
- https://github.com/balderdashy/sails
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.0.0-46" } ] }
- Type
- GIT
- Repo
- https://github.com/balderdashy/sails-hook-sockets
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.11.0-rc10
0.11.0-rc6
0.11.0-rc7
0.11.0-rc8
0.11.0-rc9
0.9preview
12.*
12.11.07.24
12.11.0721
12.11.0722
12.11.0723
12.11.0724
12.11.08
12.11.0812
12.11.0813
12.11.0818
12.11.0819
12.11.1400
12.11.1411
12.11.1413
12.11.1414
12.11.1600
12.11.1700
12.11.1716
12.11.1799
12.11.1799gls
12.11.1800
12.11.1900
12.11.1901
12.11.2000
12.11.2001
12.11.2400
12.11.2418
12.11.2419
12.11.2423
12.11.2424
12.11.2600
12.11.2601
12.11.2604
12.11.2605
12.11.2606
12.11.26120
12.11.2618
12.11.2619
12.11.2620
12.11.2900
12.12.0300
12.7.26
Other
enlyton-release
wl-rc13
v0.*
v0.10.0-rc1
v0.10.0-rc10
v0.10.0-rc11
v0.10.0-rc2
v0.10.0-rc3
v0.10.0-rc4
v0.10.0-rc5
v0.10.0-rc6
v0.10.0-rc8
v0.10.1
v0.10.2
v0.10.4
v0.10.5
v0.11.0
v0.11.0-rc5
v0.11.1
v0.11.10
v0.11.11
v0.11.12
v0.11.13
v0.11.14
v0.11.15
v0.11.16
v0.11.17
v0.11.18
v0.11.19
v0.11.2
v0.11.20
v0.11.21
v0.11.22
v0.11.23
v0.11.24
v0.11.25
v0.11.26
v0.11.27
v0.11.28
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.0-rc1
v0.12.0-rc2
v0.12.0-rc3
v0.12.0-rc5
v0.12.0-rc6
v0.12.0-rc7
v0.12.07-rc7
v0.12.1
v0.12.2
v0.12.2-0
v0.12.3
v0.12.4
v0.12.4-rc1
v0.12.4-rc2
v0.12.4-rc3
v0.13.1
v0.13.2
v0.13.3
v0.13.4
v0.13.5
v0.13.6
v0.13.7
v0.2.1
v0.3.0
v0.7.0-1
v0.7.0-2
v0.7.0-3
v0.7.0-4
v0.7.0-5
v0.7.0-6
v0.7.0-8
v0.7.1-0
v0.7.2
v0.7.4-1
v0.7.5-0
v0.7.6-0
v0.7.7-0
v0.7.8
v0.7.9
v0.8.0
v0.8.1
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.73
v0.8.74
v0.8.75
v0.8.76
v0.8.77
v0.8.78
v0.8.79
v0.8.80
v0.8.81
v0.8.82
v0.8.83
v0.8.84
v0.8.85
v0.8.86
v0.8.87
v0.8.88
v0.8.89
v0.8.89-1
v0.8.892
v0.8.894
v0.8.895
v0.8.93
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v1.*
v1.0.0
v1.0.0-10
v1.0.0-11
v1.0.0-12
v1.0.0-13
v1.0.0-14
v1.0.0-15
v1.0.0-16
v1.0.0-17
v1.0.0-18
v1.0.0-19
v1.0.0-20
v1.0.0-21
v1.0.0-22
v1.0.0-23
v1.0.0-26
v1.0.0-29
v1.0.0-30
v1.0.0-31
v1.0.0-32
v1.0.0-33
v1.0.0-34
v1.0.0-35
v1.0.0-36
v1.0.0-38
v1.0.0-39
v1.0.0-40
v1.0.0-41
v1.0.0-42
v1.0.0-43
v1.0.0-44
v1.0.0-45
v1.0.0-5
v1.0.0-6
v1.0.0-7
v1.0.0-8
v1.0.0-9
v1.0.1
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.3-0
v1.5.0
v1.5.1
v1.5.2
v1.5.2-0
v1.5.2-1
v1.5.2-2
v1.5.3
v1.5.4