Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Code Injection
Vulnerability Description
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
N/A
Vulnerability Title
accesslog 代码注入漏洞
Vulnerability Description
accesslog是美国Starbuck Starfish个人开发者的一个简单的通用/组合访问日志中间件。 accesslog 存在安全漏洞,该漏洞源于构造函数缺少过滤和转义。攻击者可以输入特殊的构造函数格式利用该漏洞执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A