漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
paypal-ipn 安全漏洞
Vulnerability Description
paypal-ipn是一个用于验证PayPal IPN消息的node.js包。 paypal-ipn 3.0.0之前版本中存在安全漏洞。攻击者可通过使用模拟器构建请求利用该漏洞欺骗没有检测‘test_ipn’参数的任意应用程序。
CVSS Information
N/A
Vulnerability Type
N/A