VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-efk1-hfuq-ybbb

Essentials
Severities (19)
References (8)
Severity details (18)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-efk1-hfuq-ybbb
Aliases	CVE-2023-38504 GHSA-gpw9-fwm8-7rx7
Summary	Uncaught Exception Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-248	Uncaught Exception

System	Score	Found at
epss	0.003	https://api.first.org/data/v1/epss?cve=CVE-2023-38504
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-gpw9-fwm8-7rx7
cvssv3.1	7.5	https://github.com/balderdashy/sails
generic_textual	HIGH	https://github.com/balderdashy/sails
cvssv3.1	7.5	https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d
generic_textual	HIGH	https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d
ssvc	Track	https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d
cvssv3.1	7.5	https://github.com/balderdashy/sails/pull/7287
generic_textual	HIGH	https://github.com/balderdashy/sails/pull/7287
ssvc	Track	https://github.com/balderdashy/sails/pull/7287
cvssv3.1	7.5	https://github.com/balderdashy/sails/releases/tag/v1.5.7
generic_textual	HIGH	https://github.com/balderdashy/sails/releases/tag/v1.5.7
ssvc	Track	https://github.com/balderdashy/sails/releases/tag/v1.5.7
cvssv3.1	7.5	https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7
cvssv3.1_qr	HIGH	https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7
generic_textual	HIGH	https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7
ssvc	Track	https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-38504
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2023-38504

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-38504
		https://github.com/balderdashy/sails
		https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d
		https://github.com/balderdashy/sails/pull/7287
		https://github.com/balderdashy/sails/releases/tag/v1.5.7
CVE-2023-38504		https://nvd.nist.gov/vuln/detail/CVE-2023-38504
GHSA-gpw9-fwm8-7rx7		https://github.com/advisories/GHSA-gpw9-fwm8-7rx7
GHSA-gpw9-fwm8-7rx7		https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/balderdashy/sails

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:36:54Z/ Found at https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/balderdashy/sails/pull/7287

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:36:54Z/ Found at https://github.com/balderdashy/sails/pull/7287

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/balderdashy/sails/releases/tag/v1.5.7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:36:54Z/ Found at https://github.com/balderdashy/sails/releases/tag/v1.5.7

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:36:54Z/ Found at https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-38504

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.53563
EPSS Score	0.003
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T21:01:26.306498+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sails/CVE-2023-38504.yml	38.6.0