Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Vulnerability Type
N/A
Vulnerability Title
graphhopper 安全漏洞
Vulnerability Description
graphhopper是一个应用软件。一种快速且内存高效的Java路由引擎,根据Apache License 2.0发布。 graphhoppe 存在安全漏洞,该漏洞源于URL解析器可能会被骗去添加或修改Object的属性。以下产品及版本受到影响:graphhoppe before 3.2, from 4.0-pre1 and before 4.0。
CVSS Information
N/A
Vulnerability Type
N/A