Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@blakeembrey/template vulnerable to code injection when attacker controls template input
Vulnerability Description
@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Template 安全漏洞
Vulnerability Description
Template是Blake Embrey个人开发者的一个快速简单的字符串模板。 Template 1.2.0之前版本存在安全漏洞,该漏洞源于如果攻击者有权写入模板名称,则可以在模板中注入并运行代码。
CVSS Information
N/A
Vulnerability Type
N/A