Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
hoolock does not block Prototype pollution with object-path related utilities
Vulnerability Description
hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
CWE-1321
Vulnerability Title
hoolock 安全漏洞
Vulnerability Description
hoolock是elijahharry个人开发者的一个轻量级实用程序套件。 hoolock 2.0.0版本至2.2.1之前版本存在安全漏洞,该漏洞源于与对象路径相关的函数不会阻止访问或更改对象原型。
CVSS Information
N/A
Vulnerability Type
N/A