Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Code Execution
Vulnerability Description
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
node-import 安全漏洞
Vulnerability Description
node-import是印度尼西亚Nanang Mahdaen El Agung个人开发者的用于导入依赖项并直接运行或连接它们并导出到文件。 node-import 存在安全漏洞,该漏洞源于此软件包容易受到任意代码执行的影响,模块功能的params参数可以由用户控制,无任何清理。
CVSS Information
N/A
Vulnerability Type
N/A