Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/sails@0.10.0-rc11
Typenpm
Namespace
Namesails
Version0.10.0-rc11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.5.7
Latest_non_vulnerable_version1.5.7
Affected_by_vulnerabilities
0
url VCID-1664-tgnt-a3hq
vulnerability_id VCID-1664-tgnt-a3hq
summary 
Improper Input Validation
Sails.js allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-21036
reference_id
reference_type
scores
0
value 0.00714
scoring_system epss
scoring_elements 0.72707
published_at 2026-06-04T12:55:00Z
1
value 0.00714
scoring_system epss
scoring_elements 0.72754
published_at 2026-06-06T12:55:00Z
2
value 0.00714
scoring_system epss
scoring_elements 0.72746
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-21036
1
reference_url https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md
2
reference_url https://github.com/balderdashy/sails-hook-sockets
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails-hook-sockets
3
reference_url https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44
4
reference_url https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e
5
reference_url http://www.openwall.com/lists/oss-security/2020/07/19/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/07/19/1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-21036
reference_id CVE-2018-21036
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-21036
7
reference_url https://github.com/advisories/GHSA-f7f4-hqp2-7prc
reference_id GHSA-f7f4-hqp2-7prc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7f4-hqp2-7prc
fixed_packages
0
url pkg:npm/sails@1.0.1
purl pkg:npm/sails@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkee-9r97-jyhu
1
vulnerability VCID-pmc7-wajy-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sails@1.0.1
aliases CVE-2018-21036, GHSA-f7f4-hqp2-7prc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1664-tgnt-a3hq
1
url VCID-894w-kccs-u7et
vulnerability_id VCID-894w-kccs-u7et
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible.
references
0
reference_url http://sailsjs.org/documentation/concepts/security/cors
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://sailsjs.org/documentation/concepts/security/cors
1
reference_url http://sailsjs.org/documentation/reference/configuration/sails-config-cors
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://sailsjs.org/documentation/reference/configuration/sails-config-cors
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10549
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.49013
published_at 2026-06-06T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48941
published_at 2026-06-04T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.49002
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10549
3
reference_url https://github.com/balderdashy/sails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails
4
reference_url https://github.com/balderdashy/sails/commit/0057123a0321be6758845abbeb4290bf418ce542
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails/commit/0057123a0321be6758845abbeb4290bf418ce542
5
reference_url https://github.com/balderdashy/sails/releases/tag/v0.12.7
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails/releases/tag/v0.12.7
6
reference_url https://nodesecurity.io/advisories/148
reference_id
reference_type
scores
url https://nodesecurity.io/advisories/148
7
reference_url https://www.npmjs.com/advisories/148
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/148
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-10549
reference_id CVE-2016-10549
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-10549
9
reference_url https://github.com/advisories/GHSA-qmv4-jgp7-mf68
reference_id GHSA-qmv4-jgp7-mf68
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qmv4-jgp7-mf68
fixed_packages
0
url pkg:npm/sails@0.12.7
purl pkg:npm/sails@0.12.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1664-tgnt-a3hq
1
vulnerability VCID-hkee-9r97-jyhu
2
vulnerability VCID-pmc7-wajy-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sails@0.12.7
aliases CVE-2016-10549, GHSA-qmv4-jgp7-mf68
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-894w-kccs-u7et
2
url VCID-hkee-9r97-jyhu
vulnerability_id VCID-hkee-9r97-jyhu
summary 
Uncaught Exception
Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38504
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53658
published_at 2026-06-06T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53649
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38504
1
reference_url https://github.com/balderdashy/sails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails
2
reference_url https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:36:54Z/
url https://github.com/balderdashy/sails/commit/4a023dc5095a4b30fdc8535f705ed34cd22d2f7d
3
reference_url https://github.com/balderdashy/sails/pull/7287
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:36:54Z/
url https://github.com/balderdashy/sails/pull/7287
4
reference_url https://github.com/balderdashy/sails/releases/tag/v1.5.7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:36:54Z/
url https://github.com/balderdashy/sails/releases/tag/v1.5.7
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38504
reference_id CVE-2023-38504
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38504
6
reference_url https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7
reference_id GHSA-gpw9-fwm8-7rx7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:36:54Z/
url https://github.com/balderdashy/sails/security/advisories/GHSA-gpw9-fwm8-7rx7
fixed_packages
0
url pkg:npm/sails@1.5.7
purl pkg:npm/sails@1.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sails@1.5.7
aliases CVE-2023-38504, GHSA-gpw9-fwm8-7rx7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkee-9r97-jyhu
3
url VCID-pmc7-wajy-juf8
vulnerability_id VCID-pmc7-wajy-juf8
summary 
Prototype Pollution in sails
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44908
reference_id
reference_type
scores
0
value 0.00456
scoring_system epss
scoring_elements 0.64215
published_at 2026-06-04T12:55:00Z
1
value 0.00456
scoring_system epss
scoring_elements 0.64267
published_at 2026-06-06T12:55:00Z
2
value 0.00456
scoring_system epss
scoring_elements 0.64259
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44908
1
reference_url https://github.com/balderdashy/sails
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails
2
reference_url https://github.com/balderdashy/sails/blob/master/lib/app/private/controller/load-action-modules.js#L32
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails/blob/master/lib/app/private/controller/load-action-modules.js#L32
3
reference_url https://github.com/balderdashy/sails/commit/7c5379a656bb305c958df1dcc2b51a9668830358
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails/commit/7c5379a656bb305c958df1dcc2b51a9668830358
4
reference_url https://github.com/balderdashy/sails/issues/7209
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/balderdashy/sails/issues/7209
5
reference_url https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/sailsJS%20PoC.zip
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/sailsJS%20PoC.zip
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44908
reference_id CVE-2021-44908
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44908
7
reference_url https://github.com/advisories/GHSA-8v3j-jfg3-v3fv
reference_id GHSA-8v3j-jfg3-v3fv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8v3j-jfg3-v3fv
fixed_packages
0
url pkg:npm/sails@1.4.1
purl pkg:npm/sails@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hkee-9r97-jyhu
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sails@1.4.1
aliases CVE-2021-44908, GHSA-8v3j-jfg3-v3fv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmc7-wajy-juf8
4
url VCID-spcy-46ve-7qgz
vulnerability_id VCID-spcy-46ve-7qgz
summary 
Broken CORS
Sails has an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible.
references
0
reference_url http://sailsjs.org/documentation/concepts/security/cors
reference_id
reference_type
scores
url http://sailsjs.org/documentation/concepts/security/cors
1
reference_url http://sailsjs.org/documentation/reference/configuration/sails-config-cors
reference_id
reference_type
scores
url http://sailsjs.org/documentation/reference/configuration/sails-config-cors
2
reference_url https://github.com/balderdashy/sails/commit/ca43e0507af79f15361789a3489013b01c8e1825
reference_id
reference_type
scores
url https://github.com/balderdashy/sails/commit/ca43e0507af79f15361789a3489013b01c8e1825
fixed_packages
0
url pkg:npm/sails@0.12.7
purl pkg:npm/sails@0.12.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1664-tgnt-a3hq
1
vulnerability VCID-hkee-9r97-jyhu
2
vulnerability VCID-pmc7-wajy-juf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/sails@0.12.7
aliases GMS-2016-74
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-spcy-46ve-7qgz
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/sails@0.10.0-rc11