Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in think-helper
Vulnerability Description
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
CWE-1321
Vulnerability Title
ThinkJS 代码问题漏洞
Vulnerability Description
ThinkJS是ThinkJS组织的一个基于Javascript并支持ES2015用于开发Node应用的代码库。 ThinkJS 的 Think-helper 中存在代码问题漏洞,该漏洞源于该组件接受上层组组建的输入进行对象的初始化以及修改时不能适当控制对象属性的修改 。以下产品及版本受到影响: think-helper 1.1.3之前版本。
CVSS Information
N/A
Vulnerability Type
N/A