Vulnerability Information
Vulnerability Title
Prototype pollution in aurelia-path
Vulnerability Description
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the `aurelia-path` package to parse a string. The majority of these will be Aurelia applications that employ the `aurelia-router` package. For example, this could allow an attacker to change the prototype of the base object class `Object` by tricking an application into parsing the following URL: `https://aurelia.io/blog/?__proto__[asdf]=asdf`. The problem is patched in version `1.1.7`.
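The following added example is not the aurelia-path source and is not taken from the project. It shows how a bracket-notation query parser ends up writing to `Object.prototype`, next to a hardened variant for code that parses query strings itself. The names `parse`, `keyPath`, `decode`, `BLOCKED` and `demo` are hypothetical, and the query string is constructed around the URL quoted above.

```javascript
// Added illustration; NOT aurelia-path code. All names here are hypothetical.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Percent-decode, falling back to the raw text on malformed escapes.
function decode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Split "a[b][c]" into ["a", "b", "c"]; decode first so encoded keys are checked too.
function keyPath(rawKey) {
  return decode(rawKey).split(/[\[\]]+/).filter(Boolean);
}

// safe=false: naive merge into plain objects (the vulnerable pattern).
// safe=true: null-prototype containers plus a deny-list on every path segment.
function parse(query, { safe }) {
  const make = () => (safe ? Object.create(null) : {});
  const root = make();
  for (const pair of query.replace(/^\?/, '').split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const path = keyPath(eq === -1 ? pair : pair.slice(0, eq));
    const value = eq === -1 ? '' : decode(pair.slice(eq + 1));
    if (path.length === 0) continue;
    if (safe && path.some((k) => BLOCKED.has(k))) continue; // drop the whole pair
    let node = root;
    for (const k of path.slice(0, -1)) {
      // Naive mode: node['__proto__'] resolves to Object.prototype and is reused.
      if (typeof node[k] !== 'object' || node[k] === null) node[k] = make();
      node = node[k];
    }
    node[path[path.length - 1]] = value;
  }
  return root;
}

function demo() {
  const query = '?__proto__[asdf]=asdf&page[size]=10'; // constructed sample input
  const safeResult = parse(query, { safe: true });
  const cleanAfterSafe = ({}).asdf === undefined;
  parse(query, { safe: false });
  const pollutedAfterNaive = ({}).asdf === 'asdf';
  delete Object.prototype.asdf; // undo the side effect of the naive run
  return { safeResult, cleanAfterSafe, pollutedAfterNaive };
}

console.log(demo());
```

For applications that depend on `aurelia-path`, the fix stated above is upgrading to version `1.1.7`; the hardened branch applies only to query parsing written in-house.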
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
CWE-1321
Vulnerability Title
aurelia code injection vulnerability
Vulnerability Description
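aurelia is an application software: a standards-based front-end framework designed for high-performance, ambitious applications. aurelia aurelia-path has a code injection vulnerability, which stems from a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the `aurelia-path` package to parse a string.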
CVSS Information
N/A
Vulnerability Type
N/A