Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Code Execution
Vulnerability Description
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Bugventure Jsen 安全漏洞
Vulnerability Description
Bugventure Jsen是Bugventure个人开发者的一个用于校验Json对象的 Js 软件包。 jsen 存在安全漏洞,攻击者可利用该漏洞可以控制模式文件,那么它可以在受害机器上运行任意的JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A