Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Sails 安全漏洞
Vulnerability Description
Sails是一款用于构建实时Web应用程序的MVC样式的框架。 Sails 0.12.7及之前版本中存在安全漏洞。攻击者可利用该漏洞向易受攻击的主机发送AJAX请求,绕过同源策略。
CVSS Information
N/A
Vulnerability Type
N/A