BETA Shoulder is in beta — Findings may sometimes be wrong. Your feedback shapes what we fix next. Share feedback
Shoulder.dev

Understand what every change actually did to your system.
SCHEDULE FIX Monitor
High severity, but exploitation requires specific conditions.
Monitor for patches. Assess if your usage matches the vulnerable pattern.

EternalBlue

Remote code execution via SMBv1 buffer overflow, exploited by WannaCry

Severity CVSS HIGH 8.1
Exploitation Shoulder No known exploits
Fix available Unknown
CVE-2017-0144

Should I care?

This matters if:
  • Apps processing complex user input (files, forms, APIs)
  • Endpoints without schema validation
Not relevant if:
  • All inputs are validated against schemas
  • You use strict type checking at boundaries

How it breaks apps

1 Malformed input reaches parser
2 Validation is missing or weak
3 Unexpected behavior triggered
4 Crash, bypass, or code execution

Is this in your code?

Shoulder scans your codebase and tells you if CVE-2017-0144 is reachable — not just present.

npx @shoulderdev/cli trust .
Technical details

Risk by Environment

Production (public-facing) HIGH
Patch soon. Exploitation requires specific conditions but impact is severe.
Staging MEDIUM
Schedule patch. Review if this environment is network-accessible.
Internal services MEDIUM
Assess exposure. Patch if the service handles sensitive data.
Local dev only LOW
Minimal risk in isolated dev environments.

AI Development Risk

This vulnerability pattern is commonly introduced when AI generates code.

CWE-20
Improper input validation
LLMs routinely skip input validation, trusting that callers will provide well-formed data.

Detection Rules 13 rules

CWE-20 13 rules

Improper Input Validation

FastAPI Missing Request Validation
Business Logic Input Validation
Echo Missing Input Validation

External References

NVD View on NVD →
MITRE View on MITRE →
Back to Ecosystem Intelligence Browse CWE Index