Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution in Dynamoose
Vulnerability Description
Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dynamoose from version 2.0.0 and before version 2.7.0 there was a prototype pollution vulnerability in the internal utility method "lib/utils/object/set.ts". This method is used throughout the codebase for various operations throughout Dynamoose. We have not seen any evidence of this vulnerability being exploited. There is no evidence this vulnerability impacts versions 1.x.x since the vulnerable method was added as part of the v2 rewrite. This vulnerability also impacts v2.x.x beta/alpha versions. Version 2.7.0 includes a patch for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
CWE-915
Vulnerability Title
Fishcharlie Amazon Dynamoose 安全漏洞
Vulnerability Description
Fishcharlie Amazon Dynamoose是美国Fishcharlie组织的一个建模工具。提供了Amazon DynamoDB的建模工具。 Fishcharlie Amazon Dynamoose 在2.0.0和2.7.0之前版本存在安全漏洞,该漏洞源于在内部实用程序方法 lib/utils/object/set.ts 中有一个原型污染漏洞。这个方法在Dynamoose的各种操作的整个代码库中都被使用。以下产品及版本受到影响:v2.x版本。xβ/α版本。版本2.7.0。
CVSS Information
N/A
Vulnerability Type
N/A