npm package
sails
pkg:npm/sails
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38504 | — | < 1.5.7 | 1.5.7 | Jul 27, 2023 | Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` | ||
| CVE-2021-44908 | — | <= 1.5.2 | — | Mar 17, 2022 | SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). | ||
| CVE-2016-10549 | — | < 0.12.7 | 0.12.7 | May 31, 2018 | Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to ma |
- CVE-2023-38504Jul 27, 2023affected < 1.5.7fixed 1.5.7
Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js`
- CVE-2021-44908Mar 17, 2022affected <= 1.5.2
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().
- CVE-2016-10549May 31, 2018affected < 0.12.7fixed 0.12.7
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to ma