Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JSONata expression can pollute the "Object" prototype
Vulnerability Description
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1321
Vulnerability Title
JSONata 安全漏洞
Vulnerability Description
JSONata是一种 JSON 查询和转换语言。 JSONata 1.4.0版本至2.0.4之前版本存在安全漏洞,该漏洞源于恶意表达式可以使用转换运算符覆盖对象构造函数和原型上的属性,这可能会导致拒绝服务、远程代码执行或其他意外行为。
CVSS Information
N/A
Vulnerability Type
N/A