Vulnerability Information
Vulnerability Title
Preload arbitrary resources by injecting additional `Link` headers
Vulnerability Description
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.
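As an added example (not Express's own code), the block below models the `<url>; rel="name"` header layout the description refers to and places a hardened encoder beside it; the formatting functions, the parser and the sample URL are constructed for illustration.

```javascript
// Added example, not Express's own code: a model of how a rel -> URL map becomes a
// Link header, beside a hardened variant that percent-encodes header-delimiting
// characters so a single value can never become a second Link entry.

// RFC 3986 URI characters (unreserved + reserved) plus '%', so already-encoded
// input is left alone. Anything else, including '<' '>' '"' and whitespace, is
// percent-encoded and therefore cannot close the <...> target.
const NON_URI_CHAR = /[^A-Za-z0-9\-._~:\/?#\[\]@!$&'()*+,;=%]/gu;

function encodeLinkTarget(url) {
  return String(url).replace(NON_URI_CHAR, (ch) => encodeURIComponent(ch));
}

// Assumed layout (constructed, mirrors the advisory's description): one
// '<url>; rel="x"' entry per key, joined by ', ', with the URL used verbatim.
function formatLinksUnsafe(links) {
  return Object.keys(links)
    .map((rel) => `<${links[rel]}>; rel="${rel}"`)
    .join(', ');
}

// Hardened variant: same layout, every target encoded before it is written.
function formatLinksSafe(links) {
  const encoded = Object.fromEntries(
    Object.entries(links).map(([rel, url]) => [rel, encodeLinkTarget(url)])
  );
  return formatLinksUnsafe(encoded);
}

// Minimal Link-header parser standing in for the consumer (browser or proxy):
// one entry per '<target>; params' group. Used to count advertised resources.
function parseLinkHeader(header) {
  const entries = [];
  const re = /<([^>]*)>\s*((?:;[^,]*)*)/g;
  let m;
  while ((m = re.exec(header)) !== null) {
    const rel = /rel="?([^";]+)"?/.exec(m[2]);
    entries.push({ url: m[1], rel: rel ? rel[1] : null });
  }
  return entries;
}

// Constructed sample: a pagination URL carrying the characters the description
// names ('>' closes the target; ';' and ',' start a new entry).
const TAINTED = 'https://app.example/page?cursor=2>; rel="preload", <https://cdn.example/x';
const unsafeHeader = formatLinksUnsafe({ next: TAINTED }); // two entries advertised
const safeHeader = formatLinksSafe({ next: TAINTED });     // one entry, value encoded
```

Legitimate URI characters such as `,` and `;` survive encoding unchanged, so the hardened form does not break ordinary query strings.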
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
Improper neutralization of special elements in output (injection)
Vulnerability Title
Express.js security vulnerability
Vulnerability Description
Express.js is an open-source fast, unopinionated, minimalist web framework for Node.js from expressjs. Express.js versions 3.21.2 and earlier contain a security vulnerability: when the response.links function is used with unvetted data, arbitrary resources can be injected into the Link header.
CVSS Information
N/A
Vulnerability Type
N/A