In Sails apps <=v1.5.6, an attacker can send a virtual request that will cause the node process to crash.
This behavior was fixed in Sails v1.5.7.
Disable the sockets hook and remove the sails.io.js client.
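A triage check for the version range and workaround above, added here as an example and not part of the advisory or the Sails project. It assumes the sockets hook is disabled through `"hooks": {"sockets": false}` in a JSON `.sailsrc`; the function names, status strings and sample paths are hypothetical.

```javascript
// Added example: triage one Sails app against this advisory (<= 1.5.6 affected, 1.5.7 fixed).
const FIXED = [1, 5, 7];

// Parse "1.5.6" / "v1.5.6" / "1.5.7-0" into numeric parts plus a pre-release flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) };
}

// True when the installed version sorts below 1.5.7. A pre-release of 1.5.7
// is counted as affected so the check errs on the side of reporting.
function isAffectedVersion(v) {
  const { nums, pre } = parseVersion(v);
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return pre;
}

// Assumption: the hook is switched off with {"hooks": {"sockets": false}} in a JSON .sailsrc.
function socketsHookDisabled(sailsrcText) {
  try {
    const rc = JSON.parse(sailsrcText || "{}");
    return Boolean(rc && rc.hooks) && rc.hooks.sockets === false;
  } catch (_) {
    return false; // unreadable config: assume the hook still loads
  }
}

// Combine version, hook setting and leftover client files into one status.
function assess({ sailsVersion, sailsrcText, assetPaths = [] }) {
  const clientFiles = assetPaths.filter((p) => /(^|[\\/])sails\.io\.js$/.test(p));
  if (!isAffectedVersion(sailsVersion)) return { status: "patched", clientFiles };
  if (!socketsHookDisabled(sailsrcText)) return { status: "vulnerable", clientFiles };
  const status = clientFiles.length ? "workaround-incomplete" : "workaround-applied";
  return { status, clientFiles };
}

// Constructed sample input (not taken from a real project).
const sample = {
  sailsVersion: "1.5.6",
  sailsrcText: '{"hooks": {"sockets": false}}',
  assetPaths: ["assets/dependencies/sails.io.js", "assets/js/app.js"],
};
console.log(assess(sample));
```

Pass the version from the installed `node_modules/sails/package.json`, not the range in the app's own `package.json`, since a range does not say which release is actually running.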
https://github.com/balderdashy/sails/pull/7287
Big thanks to @ThomasRinsma at Codean!
{ "nvd_published_at": "2023-07-27T19:15:10Z", "cwe_ids": [ "CWE-248" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-27T17:13:14Z" }