GitHub Advisory DatabaseGHSA-8V3J-JFG3-V3FVPrototype Pollution in Sails.js
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
69.0%
Sails.js <= 1.5.2 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). A patch is available in the master branch of Sails.js’s GItHub repository.
Affected configurations
References
github.com/advisories/GHSA-8v3j-jfg3-v3fv
github.com/balderdashy/sails/blob/master/lib/app/private/controller/load-action-modules.js#L32
github.com/balderdashy/sails/commit/7c5379a656bb305c958df1dcc2b51a9668830358
github.com/balderdashy/sails/issues/7209
github.com/Marynk/JavaScript-vulnerability-detection/blob/main/sailsJS%20PoC.zip
nvd.nist.gov/vuln/detail/CVE-2021-44908
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
69.0%