Node.js Web Application does not handle uncaughtException

Severity: Medium

Summary#

Invicti detected tha the applicaton does not handle uncaught exceptions.

The uncaughtException event is emitted when an uncaught JavaScript exception bubbles all the way back to the event loop. By default, Node.js handles such exceptions by printing the stack trace to stderr and exiting with code 1. It's recommended to implement a handler function for this unhandled event.

Impact#

An attacker can force the web application to terminate by generating an exception.

Actions To Take#

Your web application should implement a handler function for the uncaughtException event.

Classifications#

OWASP 2017-A6, WASC-14, OWASP 2013-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N, CWE-248

Node.js Web Application does not handle uncaughtException

Related Articles

Build your resistance to threats. And save hundreds of hours each month.