Sandstorm

sandstorm

4 CVEs • 1 product

Products (1)

Sandstorm
sandstorm

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors: 1 (Sandstorm)
Products: 1 (Sandstorm)
Updated: Nov 21, 2024
Published: Feb 6, 2018
CVSS: N/A (v4); 8.1 HIGH (v3); 5.5 MEDIUM (v2)
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.

Vendors: 1 (Sandstorm)
Products: 1 (Sandstorm)
Updated: Nov 21, 2024
Published: Feb 6, 2018
CVSS: N/A (v4); 6.5 MEDIUM (v3); 4.0 MEDIUM (v2)
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.

Vendors: 1 (Sandstorm)
Products: 1 (Sandstorm)
Updated: Nov 21, 2024
Published: Feb 6, 2018
CVSS: N/A (v4); 9.8 CRITICAL (v3); 7.5 HIGH (v2)
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.

Vendors: 1 (Sandstorm)
Products: 1 (Sandstorm)
Updated: Nov 21, 2024
Published: Feb 6, 2018
CVSS: N/A (v4); 6.5 MEDIUM (v3); 6.8 MEDIUM (v2)
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.