PT-2018-4727 · Sails.Js · Sails

Published

2018-05-31

·

Updated

2019-10-09

·

CVE-2016-10549

CVSS v3.1

4.4

Medium

Vector

AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Sails versions 0.12.7 and lower

Description

The issue concerns the CORS configuration in Sails, where the value of the request's Origin header is reflected back as the value of the Access-Control-Allow-Origin response header. This allows an attacker to make AJAX requests to vulnerable hosts through cross-site scripting or a malicious HTML document, effectively bypassing the Same Origin Policy. The problem occurs when allRoutes is set to true and origin is set to * or left commented out in the Sails CORS config file. Additionally, if the cors credentials setting is not provided, authenticated cross-domain requests are possible.

Recommendations

Update to version 0.12.8 or later. As a temporary workaround, set allRoutes to false and explicitly define the origin value in the Sails CORS config file to rule out the vulnerable configuration. Ensure credentials is uncommented and set to the appropriate value to prevent authenticated cross-domain requests. After installing the patch, check for error messages and verify that the CORS configuration is properly set: origin uncommented and set to a reasonable value, and credentials explicitly set to allow or disallow cross-domain requests.
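The weak and corrected settings from this advisory side by side, with a small audit helper that flags the vulnerable combination; this is an added example, not code from the advisory or from the Sails project. The config object layout (allRoutes, origin, credentials keys) is assumed to mirror a Sails 0.12 config/cors.js; the hostname is a placeholder.

```javascript
// Added example: audit a Sails 0.12-style CORS config object for the
// combination described in CVE-2016-10549. The object shape is assumed to
// follow config/cors.js (allRoutes, origin, credentials); not Sails' own code.

// Constructed: a config matching the vulnerable pattern from the advisory
// (allRoutes enabled, origin left commented out, credentials not set).
const vulnerableCors = {
  allRoutes: true,
  // origin: '*',        // commented out: request Origin gets reflected
  // credentials: true,  // not provided: authenticated cross-domain requests
};

// Constructed: the corrected config per the advisory's recommendation.
const hardenedCors = {
  allRoutes: false,
  origin: 'https://app.example.com', // explicit origin, not '*' (placeholder host)
  credentials: false,                // explicitly decided rather than left unset
};

// Returns a list of findings; an empty list means the config is acceptable
// with respect to the two conditions the advisory names.
function auditCorsConfig(cors) {
  const findings = [];
  const originUnset = cors.origin === undefined || cors.origin === null;
  const originWildcard = cors.origin === '*';

  // Condition 1: allRoutes true with origin '*' or absent -> Origin reflection.
  if (cors.allRoutes === true && (originUnset || originWildcard)) {
    findings.push('allRoutes is true and origin is "*" or unset: request Origin is reflected into Access-Control-Allow-Origin');
  }

  // Condition 2: credentials not provided -> authenticated cross-domain requests possible.
  if (!Object.prototype.hasOwnProperty.call(cors, 'credentials')) {
    findings.push('credentials is not set: authenticated cross-domain requests may be allowed');
  }

  return findings;
}

// Run stand-alone: prints the findings for each constructed config.
for (const [name, cfg] of [['vulnerable', vulnerableCors], ['hardened', hardenedCors]]) {
  console.log(name, auditCorsConfig(cfg));
}
```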

Fix

XSS

Improper Access Control


Weakness Enumeration

Related identifiers

CVE-2016-10549
GHSA-QMV4-JGP7-MF68

Affected products

Sails