Node.js Web Application does not handle unhandledRejection

Severity: Medium

Summary#

Invicti detected that the applicaton does not handle unhandled rejection.

The unhandledRejection event is emitted whenever a Promise is rejected and no error handler is attached to the promise within a turn of the event loop. By default, Node.js handles such exceptions by printing the stack trace to stderr and exiting with code 1. It's recommended to implement a handler function for this unhandled event.

Impact#

An attacker can force the web application to terminate by generating an exception.

Actions To Take#

Your web application should implement a handler function for the unhandledRejection event.

Classifications#

OWASP 2017-A6, WASC-14, OWASP 2013-A5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N, CWE-248

Node.js Web Application does not handle unhandledRejection

Related Articles

Build your resistance to threats. And save hundreds of hours each month.