漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
http-swagger 安全漏洞
Vulnerability Description
http-swagger是一个 net/http 包装器。 http-swagger 1.2.6之前版本存在安全漏洞,该漏洞源于允许攻击者通过PUT请求进行跨站脚本(XSS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A