Vulnerability Information
Vulnerability Title
Limited code execution in zenstruck/collections
Vulnerability Description
zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing _callable strings_ (i.e. `system`) caused the function to be executed. As a result, a limited subset of specific user input would be executed as if it were code. This issue has been addressed in commit `f4b1c48820` and included in release version 0.2.1. Users are advised to upgrade. Users unable to upgrade should ensure that user input is not passed to either `EntityRepository::find()` or `query()`.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
Improper neutralization of special elements in output (injection)
Vulnerability Title
zenstruck collections injection vulnerability
Vulnerability Description
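zenstruck collections is a set of helpers from the zenstruck project for iterating/paginating/filtering collections. zenstruck collections contains an injection vulnerability, which stems from the fact that passing _callable strings_ (such as _system_) causes the function to be executed.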
CVSS Information
N/A
Vulnerability Type
N/A