Vulnerability Information
Vulnerability Title
Prototype Pollution
Vulnerability Description
Versions of the package bodymen from 0.0.0 are vulnerable to Prototype Pollution via the handler function, which could be tricked into adding or modifying properties of Object.prototype using a `__proto__` payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
bodymen Security Vulnerability
Vulnerability Description
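bodymen is a body parser middleware for MongoDB, Express and Node.js (MEN). bodymen contains a security vulnerability that stems from its handler function being susceptible to prototype pollution. An attacker can exploit this vulnerability with a `__proto__` payload to add or modify properties of Object.prototype.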
CVSS Information
N/A
Vulnerability Type
N/A