Open nathaniel-watson-ctg-com opened 4 hours ago
@nathaniel-watson-ctg-com Thanks for posting! We'll take a look as soon as possible.
In the meantime, there are a few ways you can help speed things along:
Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly.
For help with questions about Sails, click here.
I can't really think of a workaround for this. This issue is relevant because it's a security issue. I didn't use any third party plugins when verifying the issue.
Node version: v20.18.0
Sails version (sails): 1.5.12
ORM hook version (sails-hook-orm): N/A
Sockets hook version (sails-hook-sockets): N/A
Organics hook version (sails-hook-organics): N/A
Grunt hook version (sails-hook-grunt): N/A
Uploads hook version (sails-hook-uploads): N/A
DB adapter & version (e.g. sails-mysql@5.55.5): N/A
Skipper adapter & version (e.g. skipper-s3@5.55.5): N/A
Sails is currently referencing a slightly out of date version of Express within the 4.x line. Express has been updated: https://github.com/expressjs/express/blob/4.x/package.json . This is introducing a vulnerability: https://github.com/advisories/GHSA-pxg6-pf52-xh8x . The Express entry should be updated.