Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Vulnerability Type
N/A
Vulnerability Title
sds 安全漏洞
Vulnerability Description
sds是一款结构化数据搜索软件包。 sds 0.0.0 及之后版本存在安全漏洞,该漏洞源于通过滥用位于 js/set.js 中的 set 函数,该库可能会被欺骗添加或修改 Object.prototype 的属性。
CVSS Information
N/A
Vulnerability Type
N/A