Summary #

Invicti detected that the applicaton does not handle unhandled rejection.

The unhandledRejection event is emitted whenever a Promise is rejected and no error handler is attached to the promise within a turn of the event loop. By default, Node.js handles such exceptions by printing the stack trace to stderr and exiting with code 1. It's recommended to implement a handler function for this unhandled event.

Impact #

An attacker can force the web application to terminate by generating an exception.

Actions To Take #

Your web application should implement a handler function for the unhandledRejection event.

Classifications #
CWE-248; WASC-14; OWASP 2013-A5; OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities


Search Vulnerability


Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo