Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0.
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Vulnerability Title
Nuclide Security Vulnerability
Vulnerability Description
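Nuclide is an open IDE (integrated development environment) for web and native mobile development. The hhvm-attach deep link handler in Nuclide versions prior to 0.290.0 contains a security vulnerability, which stems from the program failing to properly filter the 'hostname' parameter when rendering. An attacker could exploit this vulnerability via a malicious URL to execute code.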
CVSS Information
N/A
Vulnerability Type
N/A