Vulnerabilities (CVE)

Filtered by vendor Sandstorm Subscribe

Filtered by product Sandstorm

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-6200	1 Sandstorm	1 Sandstorm	2018-03-13	4.0 MEDIUM	6.5 MEDIUM
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.
CVE-2017-6198	1 Sandstorm	1 Sandstorm	2018-03-13	6.8 MEDIUM	6.5 MEDIUM
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.