Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
querymen 安全漏洞
Vulnerability Description
querymen是个人开发者的一个用于 MongoDB、Express 和 Nodejs 的查询字符串解析器中间件。 querymen存在安全漏洞,该漏洞源于该中间件容易受到原型污染。
CVSS Information
N/A
Vulnerability Type
N/A