Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@aedart/support possibly vulnerable to prototype pollution in metadata record, when using meta decorator
Vulnerability Description
@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
CWE-1321
Vulnerability Title
aedart ion 安全漏洞
Vulnerability Description
aedart ion是丹麦Alin Eugen Deac个人开发者的一个提供多功能包的产品。 aedart ion 0.6.1之前版本存在安全漏洞,该漏洞源于可能存在原型污染问题。
CVSS Information
N/A
Vulnerability Type
N/A