16 matches found
EUVD-2020-0552
Malware in sbrugna...
CVE-2018-21036
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...
Sails.js 安全漏洞
Sails.js is a Node.js-based web application framework from Sails, Inc. in the United States. A security vulnerability exists in Sails.js versions prior to 1.5.7, which originates in a Sails application, where an attacker can send a virtual request that causes the node process to crash...
GHSA-8V3J-JFG3-V3FV Prototype Pollution in Sails.js
Sails.js = 1.5.2 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules. A patch is available in the master branch of Sails.js's GItHub repository...
Prototype Pollution in Sails.js
Sails.js = 1.5.2 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules. A patch is available in the master branch of Sails.js's GItHub repository...
CVE-2021-44908
SailsJS Sails.js =1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules...
CVE-2021-44908
SailsJS Sails.js =1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules...
CVE-2021-44908
SailsJS Sails.js =1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules...
CVE-2021-44908
CVE-2021-44908 describes a prototype pollution flaw in Sails.js where the vulnerability exists in the function loadActionModules() inside controller/load-action-modules.js. The affected software is Sails.js versions up to and including 1.4.0. The underlying cause is prototype pollution, enabling ...
GHSA-F7F4-HQP2-7PRC Improper Input Validation in sails-hook-sockets
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...
Improper Input Validation in sails-hook-sockets
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...
CVE-2018-21036
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...
CVE-2018-21036
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...
Cross site request forgery (csrf)
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...
CVE-2018-21036
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...
CVE-2018-21036
CVE-2018-21036 affects Sails.js before v1.0.0-46. The root cause is a missing error handler in the sails-hook-sockets module to handle an empty pathname in a WebSocket request, which enables a denial of service with a single request. Public references reiterate the same description. No explicit r...