Sandstorm Development Group, Inc.

2 exploits Active since Feb 2018

CVE-2017-6198 WRITEUP MEDIUM WRITEUP

Sandstorm < 0.203 - Denial of Service via Fork Bomb or Disk Space Exhaustion

The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.

CVSS 6.5

View Code

CVE-2017-6199 WRITEUP CRITICAL WRITEUP

sandstorm < 0.203 - Unauthenticated Organization Restriction Bypass via Email-Address Field Comma Injection

A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.

CVSS 9.8

View Code