Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Handling of Exceptional Conditions in detect-character-encoding
Vulnerability Description
detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对异常条件的处理不恰当
Vulnerability Title
detect-character-encoding 安全漏洞
Vulnerability Description
detect-character-encoding是开源的一个 C++ 插件。 detect-character-encoding存在安全漏洞,该漏洞源于在istio istio中发现一个授权绕过漏洞。当计算用 host 或 notHost 指定的规则时,不区分大小写的主机比较不正确。这个漏洞允许攻击者可利用该漏洞绕过在规则中使用主机的Istio授权策略,从而可能获得对下游服务的访问权。来自此漏洞的最大威胁是机密性、完整性以及系统可用性。
CVSS Information
N/A
Vulnerability Type
N/A