Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS)
Vulnerability Description
All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
npm pg-native 代码问题漏洞
Vulnerability Description
npm pg-native是美国npm公司的一种 node.js 和 PostgreSQL 之间的高性能原生绑定,通过 libpq 使用简单的 API。 pg-native 存在代码问题漏洞,该漏洞源于当该插件尝试将第二个参数转换为数组时,容易受到拒绝服务 (DoS)。
CVSS Information
N/A
Vulnerability Type
N/A