Sails.js <= 1.5.2 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). A patch is available in the master
branch of Sails.js’s GItHub repository.
github.com/balderdashy/sails
github.com/balderdashy/sails/blob/master/lib/app/private/controller/load-action-modules.js#L32
github.com/balderdashy/sails/commit/7c5379a656bb305c958df1dcc2b51a9668830358
github.com/balderdashy/sails/issues/7209
github.com/Marynk/JavaScript-vulnerability-detection/blob/main/sailsJS%20PoC.zip
nvd.nist.gov/vuln/detail/CVE-2021-44908