Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
Flitbit json-pointer 注入漏洞
Vulnerability Description
Flitbit json-pointer是个人开发者的一个javascript的JSON库。该库可以通过指针的方式操作JSON结构数据。 Flitbit json-pointer 所有版本存在安全漏洞,该漏洞源于当force标志设置为真时。函数递归地在目标对象中设置属性,但是它没有正确地检查所设置的键,导致原型污染。
CVSS Information
N/A
Vulnerability Type
N/A