Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Sandstorm Security Vulnerabilities

cve
cve

CVE-2017-6201

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs...

8.1CVSS

8.1AI Score

0.006EPSS

2018-02-06 04:29 PM
25
cve
cve

CVE-2017-6198

The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk...

6.5CVSS

6.4AI Score

0.001EPSS

2018-02-06 04:29 PM
24
cve
cve

CVE-2017-6199

A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address...

9.8CVSS

9.3AI Score

0.012EPSS

2018-02-06 04:29 PM
28
cve
cve

CVE-2017-6200

Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory...

6.5CVSS

6.7AI Score

0.003EPSS

2018-02-06 04:29 PM
25