{"id":"CVE-2021-44908","details":"SailsJS Sails.js \u003c=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().","aliases":["GHSA-8v3j-jfg3-v3fv"],"modified":"2026-04-10T04:36:20.183578Z","published":"2022-03-17T12:15:07.800Z","references":[{"type":"WEB","url":"https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/sailsJS%20PoC.zip"},{"type":"ADVISORY","url":"https://github.com/balderdashy/sails/blob/master/lib/app/private/controller/load-action-modules.js#L32"},{"type":"FIX","url":"https://github.com/balderdashy/sails/issues/7209"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/balderdashy/sails","events":[{"introduced":"0"},{"last_affected":"88554dfb84b2867dabe4599261f72f267efae19c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.0"}]}}],"versions":["0.11.0-rc10","0.11.0-rc6","0.11.0-rc7","0.11.0-rc8","0.11.0-rc9","0.9preview","12.11.07.24","12.11.0721","12.11.0722","12.11.0723","12.11.0724","12.11.08","12.11.0812","12.11.0813","12.11.0818","12.11.0819","12.11.1400","12.11.1411","12.11.1413","12.11.1414","12.11.1600","12.11.1700","12.11.1716","12.11.1799","12.11.1799gls","12.11.1800","12.11.1900","12.11.1901","12.11.2000","12.11.2001","12.11.2400","12.11.2418","12.11.2419","12.11.2423","12.11.2424","12.11.2600","12.11.2601","12.11.2604","12.11.2605","12.11.2606","12.11.26120","12.11.2618","12.11.2619","12.11.2620","12.11.2900","12.12.0300","12.7.26","enlyton-release","v0.10.0-rc1","v0.10.0-rc10","v0.10.0-rc11","v0.10.0-rc2","v0.10.0-rc3","v0.10.0-rc4","v0.10.0-rc5","v0.10.0-rc6","v0.10.0-rc8","v0.10.1","v0.10.2","v0.10.4","v0.10.5","v0.11.0","v0.11.0-rc5","v0.12.0-rc1","v0.12.0-rc2","v0.12.0-rc3","v0.12.0-rc5","v0.12.0-rc6","v0.12.0-rc7","v0.12.07-rc7","v0.12.2","v0.12.2-0","v0.12.3","v0.12.4","v0.12.4-rc1","v0.12.4-rc2","v0.12.4-rc3","v0.2.1","v0.3.0","v0.7.0-1","v0.7.0-2","v0.7.0-3","v0.7.0-4","v0.7.0-5","v0.7.0-6","v0.7.0-8","v0.7.1-0","v0.7.2","v0.7.4-1","v0.7.5-0","v0.7.6-0","v0.7.7-0","v0.7.8","v0.7.9","v0.8.0","v0.8.1","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v0.8.7","v0.8.73","v0.8.74","v0.8.75","v0.8.76","v0.8.77","v0.8.78","v0.8.79","v0.8.80","v0.8.81","v0.8.82","v0.8.83","v0.8.84","v0.8.85","v0.8.86","v0.8.87","v0.8.88","v0.8.89","v0.8.89-1","v0.8.892","v0.8.894","v0.8.895","v0.8.93","v0.9.0","v0.9.1","v0.9.2","v0.9.3","v1.0.0","v1.0.0-10","v1.0.0-11","v1.0.0-12","v1.0.0-13","v1.0.0-14","v1.0.0-15","v1.0.0-16","v1.0.0-17","v1.0.0-18","v1.0.0-19","v1.0.0-20","v1.0.0-21","v1.0.0-22","v1.0.0-23","v1.0.0-26","v1.0.0-29","v1.0.0-30","v1.0.0-31","v1.0.0-32","v1.0.0-33","v1.0.0-34","v1.0.0-35","v1.0.0-36","v1.0.0-38","v1.0.0-39","v1.0.0-40","v1.0.0-41","v1.0.0-42","v1.0.0-43","v1.0.0-44","v1.0.0-45","v1.0.0-46","v1.0.0-47","v1.0.0-48","v1.0.0-49","v1.0.0-5","v1.0.0-6","v1.0.0-7","v1.0.0-8","v1.0.0-9","v1.0.1","v1.0.2","v1.0.2-0","v1.0.3-0","v1.0.3-1","v1.0.3-2","v1.0.3-3","v1.0.3-4","v1.1.0","v1.1.0-0","v1.1.0-1","v1.1.0-2","v1.1.0-3","v1.2.0","v1.2.0-0","v1.2.0-1","v1.2.0-2","v1.2.0-3","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.3.0","v1.3.1","v1.4.0","wl-rc13"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44908.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}