Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution leading to Remote Code Execution in superjson
Vulnerability Description
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. This has been patched in superjson 1.8.1. Users are advised to update. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Superjson 代码注入漏洞
Vulnerability Description
Superjson是一个将 JavaScript 表达式安全地序列化为 Json 的超集。 superjson 存在代码注入漏洞,该漏洞允许输入在任何服务器上使用superjson输入运行任意代码,而无需事先验证或了解。唯一的要求是服务器实现至少一个端点,在请求处理期间使用superjson。这已经在superjson 1.8.1中被修补。建议用户进行更新。对于这个问题没有已知的解决方法。
CVSS Information
N/A
Vulnerability Type
N/A