Node.js Web Application does not handle unhandledRejection

Severity: Medium

Invicti detected that the applicaton does not handle unhandled rejection.

The unhandledRejection event is emitted whenever a Promise is rejected and no error handler is attached to the promise within a turn of the event loop. By default, Node.js handles such exceptions by printing the stack trace to stderr and exiting with code 1. It's recommended to implement a handler function for this unhandled event.


An attacker can force the web application to terminate by generating an exception.

Actions To Take#

Your web application should implement a handler function for the unhandledRejection event.

Invicti Logo

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo