漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
Log Injection
漏洞信息
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file).
漏洞信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
漏洞
N/A
漏洞
Encode OSS Uvicorn 注入漏洞
漏洞信息
Encode OSS Uvicorn是英国Encode OSS公司的一款基于uvloop和httptools构建的ASGI(Web服务器网关接口)服务器。 Encode OSS uvicorn(所有版本)中存在安全漏洞。攻击者可借助特制的URL利用该漏洞污染uvicorn的访问日志,影响此类文件的完整性。
漏洞信息
N/A
漏洞
N/A