VulnerableCode Package Details - pkg:npm/sails@0.8.892

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/sails@0.8.892

Essentials
History (5)

purl	pkg:npm/sails@0.8.892

Next non-vulnerable version	1.5.7
Latest non-vulnerable version	1.5.7
Risk	4.5

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-3hs2-w4t6-yqdg Aliases: CVE-2021-44908 GHSA-8v3j-jfg3-v3fv	Prototype Pollution in Sails.js	1.4.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-49jp-55g8-kqcq Aliases: CVE-2018-21036 GHSA-f7f4-hqp2-7prc	Improper Input Validation in sails-hook-sockets	1.0.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4s9y-5ead-g3gu Aliases: CVE-2016-10549 GHSA-qmv4-jgp7-mf68	Sails before 0.12.7 vulnerable to Broken CORS	0.12.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-u6am-rnqu-e3gx Aliases: GMS-2016-74	Broken CORS Sails has an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible.	0.12.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zuet-qgkb-7qf5 Aliases: CVE-2023-38504 GHSA-gpw9-fwm8-7rx7	Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.	1.5.7 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:01:35.542902+00:00	GitLab Importer	Affected by	VCID-zuet-qgkb-7qf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sails/CVE-2023-38504.yml	38.6.0
2026-06-12T18:02:46.943989+00:00	GitLab Importer	Affected by	VCID-3hs2-w4t6-yqdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sails/CVE-2021-44908.yml	38.6.0
2026-06-12T17:23:08.725107+00:00	GitLab Importer	Affected by	VCID-49jp-55g8-kqcq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sails/CVE-2018-21036.yml	38.6.0
2026-06-12T17:08:19.274757+00:00	GitLab Importer	Affected by	VCID-4s9y-5ead-g3gu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sails/CVE-2016-10549.yml	38.6.0
2026-06-12T16:51:01.747288+00:00	GitLab Importer	Affected by	VCID-u6am-rnqu-e3gx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/sails/GMS-2016-74.yml	38.6.0