Node.js Web Application does not handle unhandledRejection

Severity: Medium

Summary#

Invicti detected that the applicaton does not handle unhandled rejection.

The unhandledRejection event is emitted whenever a Promise is rejected and no error handler is attached to the promise within a turn of the event loop. By default, Node.js handles such exceptions by printing the stack trace to stderr and exiting with code 1. It's recommended to implement a handler function for this unhandled event.

Impact#

An attacker can force the web application to terminate by generating an exception.

Actions To Take#

Your web application should implement a handler function for the unhandledRejection event.

Classifications#

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N, CWE-248, OWASP 2017-A6, WASC-14, OWASP 2013-A5

Select Category

Critical
High
Medium
Low
Best Practice
Information

Search Vulnerability

Related Vulnerabilities

Node.js Web Application does not handle unhandledRejection

Related Articles

Build your resistance to threats. And save hundreds of hours each month.