Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
json-logic-js logic.js command injection
Vulnerability Description
A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
json-logic-js 命令注入漏洞
Vulnerability Description
json-logic-js是Jeremy Wadhams个人开发者的一个应用程序。用于构建复杂规则,将其序列化为 JSON,并在 JavaScript 中执行。 json-logic-js 2.0.1之前版本存在命令注入漏洞,该漏洞源于存在命令注入漏洞。
CVSS Information
N/A
Vulnerability Type
N/A