Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
@tsed/core 资源管理错误漏洞
Vulnerability Description
@tsed/core是个人开发者的一个NPM库。该库可帮助开发者构建命令行应用。 @tsed/core 5.65.7 之前版本存在安全漏洞,该漏洞源于DeepExtend函数,该函数用作utils目录的一部分。 根据是否提供用户输入,攻击者可利用该漏洞覆盖和污染程序的对象原型。
CVSS Information
N/A
Vulnerability Type
N/A