Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Handling of Unexpected Data Type in ced
Vulnerability Description
ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a `Buffer` using `Buffer.isBuffer(obj)`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
非预期数据类型处理不恰当
Vulnerability Title
Github ced 输入验证错误漏洞
Vulnerability Description
Github ced是一个应用软件。使用 Google 的compact_enc_det库检测字符编码。 Github ced 中存在输入验证错误漏洞,该漏洞源于产品未对用户输入数据类型做有效验证。攻击者可通过向目标发送非Buffer数据导致Nodejs进程崩溃。以下产品及版本受到影响:Sonicdoe Ced v0.1.0 版本。
CVSS Information
N/A
Vulnerability Type
N/A