漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in think-helper
Vulnerability Description
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
CWE-1321
Vulnerability Title
ThinkJS 代码问题漏洞
Vulnerability Description
ThinkJS是ThinkJS组织的一个基于Javascript并支持ES2015用于开发Node应用的代码库。 ThinkJS 的 Think-helper 中存在代码问题漏洞,该漏洞源于该组件接受上层组组建的输入进行对象的初始化以及修改时不能适当控制对象属性的修改 。以下产品及版本受到影响: think-helper 1.1.3之前版本。
CVSS Information
N/A
Vulnerability Type
N/A