Description
Sails.js (SailsJS) versions <=1.4.0 are vulnerable to Prototype Pollution in the loadActionModules() function of controller/load-action-modules.js.
Remediation
References
https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/sailsJS%20PoC.zip
https://github.com/balderdashy/sails/issues/7209
https://github.com/balderdashy/sails/blob/master/lib/app/private/controller/load-action-modules.js#L32
Related Vulnerabilities
CVE-2021-23384 Vulnerability in npm package koa-remove-trailing-slashes
CVE-2022-46175 Vulnerability in maven package org.webjars.bower:json5
CVE-2023-4316 Vulnerability in maven package org.webjars.npm:zod
CVE-2023-22665 Vulnerability in maven package org.apache.jena:jena-arq
CVE-2022-25349 Vulnerability in maven package org.webjars.npm:materialize-css