Vulnerability Information
Vulnerability Title
Prototype Pollution
Vulnerability Description
Versions of the package dexie before 3.2.2, and from 4.0.0-alpha.1 up to but not including 4.0.0-alpha.3, are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function, which does not properly check the keys being set (such as __proto__ or constructor). This can allow an attacker to add or modify properties of Object.prototype, leading to prototype pollution. **Note:** This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input.
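The class of flaw described above, shown with a simplified dotted-path setter next to a hardened form. This is an added example, not Dexie's source code or its actual fix; the function names `naiveSetByKeyPath`, `safeSetByKeyPath` and `demo`, and the sample key path, are hypothetical and constructed for illustration.

```javascript
// Added illustration; NOT Dexie's source. All function names are hypothetical.

// Naive dotted-path setter: walks or creates each segment without vetting it.
function naiveSetByKeyPath(obj, keyPath, value) {
  const parts = keyPath.split('.');
  let target = obj;
  for (const part of parts.slice(0, -1)) {
    if (target[part] === undefined || target[part] === null) target[part] = {};
    target = target[part]; // "__proto__" resolves to Object.prototype here
  }
  target[parts[parts.length - 1]] = value;
}

const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened form: reject dangerous segments and descend only into own object properties.
function safeSetByKeyPath(obj, keyPath, value) {
  const parts = keyPath.split('.');
  if (parts.some((p) => FORBIDDEN.has(p))) {
    throw new TypeError(`Refusing unsafe key path: ${keyPath}`);
  }
  let target = obj;
  for (const part of parts.slice(0, -1)) {
    if (!Object.prototype.hasOwnProperty.call(target, part) ||
        target[part] === null || typeof target[part] !== 'object') {
      target[part] = {}; // shadow inherited or non-object values with a fresh own object
    }
    target = target[part];
  }
  target[parts[parts.length - 1]] = value;
}

// Runs both setters on a constructed untrusted key path and reports whether
// Object.prototype was changed. Removes the marker property afterwards.
function demo() {
  const marker = 'gr_demo_flag'; // constructed property name
  const untrustedPath = `__proto__.${marker}`;
  naiveSetByKeyPath({}, untrustedPath, true);
  const naivePolluted = ({})[marker] === true;
  delete Object.prototype[marker];

  let rejected = false;
  try { safeSetByKeyPath({}, untrustedPath, true); } catch (e) { rejected = e instanceof TypeError; }
  const safePolluted = ({})[marker] === true;
  delete Object.prototype[marker];
  return { naivePolluted, rejected, safePolluted };
}
```

Upgrading to a fixed dexie release remains the remedy for the library itself; a key-path check like this is only relevant to application code that builds key paths from untrusted input.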
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
Dexie Security Vulnerability
Vulnerability Description
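Dexie is a wrapper library for IndexedDB (the standard database in browsers) that provides a concise database API. Dexie versions before 3.2.2, and versions from 4.0.0-alpha.1 up to but not including 4.0.0-alpha.3, contain a security vulnerability that an attacker can exploit to cause a denial-of-service (DoS) attack.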
CVSS Information
N/A
Vulnerability Type
N/A