漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
flitto express-param fetchParams.js parameter pollution
Vulnerability Description
A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对额外参数处理不恰当
Vulnerability Title
express 安全漏洞
Vulnerability Description
express是expressjs开源的一个 Node.js 的快速、无限制、极简的 web 框架。 express 0.x版本及之前版本存在安全漏洞,该漏洞源于对额外参数处理不当。
CVSS Information
N/A
Vulnerability Type
N/A