Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
http-swagger Security Vulnerability
Vulnerability Description
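http-swagger is a net/http wrapper. Versions of http-swagger before 1.2.6 contain a security vulnerability that allows attackers to perform cross-site scripting (XSS) attacks via PUT requests.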
CVSS Information
N/A
Vulnerability Type
N/A