Description
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().
Remediation
References
https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/sailsJS%20PoC.zip
https://github.com/balderdashy/sails/blob/master/lib/app/private/controller/load-action-modules.js#L32
https://github.com/balderdashy/sails/issues/7209
Related Vulnerabilities
CVE-2016-0762 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2019-10759 Vulnerability in npm package safer-eval
CVE-2020-24616 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2019-17495 Vulnerability in npm package swagger-ui
CVE-2019-10309 Vulnerability in maven package org.jenkins-ci.plugins:swarm