CVE-2023-38504
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-38504
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38504.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-38504
- Aliases
- Published
- 2023-07-27T18:12:05.419Z
- Modified
- 2025-12-04T23:59:14.466763Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Sails DoS vulnerability for apps with sockets enabled
- Details
-
Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the
sails.io.jsclient. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-248" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38504.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/38xxx/CVE-2023-38504.json
- https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d
- https://github.com/balderdashy/sails/pull/7287
- https://github.com/balderdashy/sails/releases/tag/v1.5.7
- https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7
- https://nvd.nist.gov/vuln/detail/CVE-2023-38504
Affected packages
Git / github.com/balderdashy/sails
Affected ranges
- Type
- GIT
- Repo
- https://github.com/balderdashy/sails
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.11.0-rc10
0.11.0-rc6
0.11.0-rc7
0.11.0-rc8
0.11.0-rc9
0.9preview
12.*
12.11.07.24
12.11.0721
12.11.0722
12.11.0723
12.11.0724
12.11.08
12.11.0812
12.11.0813
12.11.0818
12.11.0819
12.11.1400
12.11.1411
12.11.1413
12.11.1414
12.11.1600
12.11.1700
12.11.1716
12.11.1799
12.11.1799gls
12.11.1800
12.11.1900
12.11.1901
12.11.2000
12.11.2001
12.11.2400
12.11.2418
12.11.2419
12.11.2423
12.11.2424
12.11.2600
12.11.2601
12.11.2604
12.11.2605
12.11.2606
12.11.26120
12.11.2618
12.11.2619
12.11.2620
12.11.2900
12.12.0300
12.12.1800
12.12.2000
12.7.26
Other
enlyton-release
experimentMergePoint
wl-rc13
v0.*
v0.1.5
v0.1.5-1
v0.1.6-0
v0.10.0-rc1
v0.10.0-rc10
v0.10.0-rc11
v0.10.0-rc2
v0.10.0-rc3
v0.10.0-rc4
v0.10.0-rc5
v0.10.0-rc6
v0.10.0-rc7
v0.10.0-rc8
v0.10.0-rc9
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.11.0-rc2
v0.11.0-rc3
v0.11.0-rc4
v0.11.0-rc5
v0.12.0
v0.12.0-rc1
v0.12.0-rc2
v0.12.0-rc3
v0.12.0-rc5
v0.12.0-rc6
v0.12.0-rc7
v0.12.0-rc8
v0.12.0-rc9
v0.12.07-rc7
v0.12.1
v0.12.2
v0.12.2-0
v0.12.3
v0.12.4
v0.12.4-rc1
v0.12.4-rc2
v0.12.4-rc3
v0.2.0
v0.2.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1
v0.7.0-1
v0.7.0-2
v0.7.0-3
v0.7.0-4
v0.7.0-5
v0.7.0-6
v0.7.0-8
v0.7.1-0
v0.7.2
v0.7.3
v0.7.4
v0.7.4-1
v0.7.5-0
v0.7.6-0
v0.7.7-0
v0.7.8
v0.7.9
v0.8.0
v0.8.1
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.73
v0.8.74
v0.8.75
v0.8.76
v0.8.77
v0.8.78
v0.8.79
v0.8.80
v0.8.81
v0.8.82
v0.8.83
v0.8.84
v0.8.85
v0.8.86
v0.8.87
v0.8.88
v0.8.89
v0.8.89-1
v0.8.892
v0.8.894
v0.8.895
v0.8.9
v0.8.91
v0.8.92
v0.8.93
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v1.*
v1.0.0
v1.0.0-10
v1.0.0-11
v1.0.0-12
v1.0.0-13
v1.0.0-14
v1.0.0-15
v1.0.0-16
v1.0.0-17
v1.0.0-18
v1.0.0-19
v1.0.0-20
v1.0.0-21
v1.0.0-22
v1.0.0-23
v1.0.0-24
v1.0.0-25
v1.0.0-26
v1.0.0-27
v1.0.0-28
v1.0.0-29
v1.0.0-30
v1.0.0-31
v1.0.0-32
v1.0.0-33
v1.0.0-34
v1.0.0-35
v1.0.0-36
v1.0.0-37
v1.0.0-38
v1.0.0-39
v1.0.0-40
v1.0.0-41
v1.0.0-42
v1.0.0-43
v1.0.0-44
v1.0.0-45
v1.0.0-46
v1.0.0-47
v1.0.0-48
v1.0.0-49
v1.0.0-5
v1.0.0-6
v1.0.0-7
v1.0.0-8
v1.0.0-9
v1.0.1
v1.0.2
v1.0.2-0
v1.0.3-0
v1.0.3-1
v1.0.3-2
v1.0.3-3
v1.0.3-4
v1.1.0
v1.1.0-0
v1.1.0-1
v1.1.0-2
v1.1.0-3
v1.2.0
v1.2.0-0
v1.2.0-1
v1.2.0-2
v1.2.0-3
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6