4 matches found
CVE-2021-44908
CVE-2021-44908 describes a prototype pollution flaw in Sails.js where the vulnerability exists in the function loadActionModules() inside controller/load-action-modules.js. The affected software is Sails.js versions up to and including 1.4.0. The underlying cause is prototype pollution, enabling ...
CVE-2023-38504
Sails (Node.js) CVE-2023-38504 affects apps before v1.5.7. An attacker could send a virtual request that crashes the node process, enabling a Denial of Service. The issue is fixed in v1.5.7. As a workaround, disable the sockets hook and remove the sails.io.js client.
CVE-2016-10549
The CVE-2016-10549 issue affects Sails (0.12.7 and earlier) where CORS is misconfigured: the origin header value can be reflected as Access-Control-Allow-Origin. This creates cross-origin risk when allRoutes is true and origin is set to * or left commented. The risk heightens if credentials are n...
CVE-2018-21036
CVE-2018-21036 affects Sails.js before v1.0.0-46. The root cause is a missing error handler in the sails-hook-sockets module to handle an empty pathname in a WebSocket request, which enables a denial of service with a single request. Public references reiterate the same description. No explicit r...