Lucene search
GoogleOSV:GHSA-8V3J-JFG3-V3FVHistoryMar 18, 2022 - 12:01 a.m.
Prototype Pollution in Sails.js
2022-03-1800:01:11
Google
osv.dev
41
sails.js
prototype pollution
controller load action modules
EPSS
0.003
Percentile
69.0%
Sails.js <= 1.5.2 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). A patch is available in the master branch of Sails.js’s GItHub repository.
References
github.com/balderdashy/sails
github.com/balderdashy/sails/blob/master/lib/app/private/controller/load-action-modules.js#L32
github.com/balderdashy/sails/commit/7c5379a656bb305c958df1dcc2b51a9668830358
github.com/balderdashy/sails/issues/7209
github.com/Marynk/JavaScript-vulnerability-detection/blob/main/sailsJS%20PoC.zip
nvd.nist.gov/vuln/detail/CVE-2021-44908
Related
osv
osv
CVE-2021-44908
2022-03-17 12:15:07
veracode
veracode
Prototype Pollution
2022-03-22 06:26:27
prion
prion
Code injection
2022-03-17 12:15:00
nvd
nvd
CVE-2021-44908
2022-03-17 12:15:07
cvelist
cvelist
CVE-2021-44908
2022-03-17 11:47:52
github
github
Prototype Pollution in Sails.js
2022-03-18 00:01:11
cve
cve
CVE-2021-44908
2022-03-17 12:15:07