Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
anji-plus AJ-Report Javascript getValueFromJs deserialization
Vulnerability Description
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266263.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
AJ-Report 安全漏洞
Vulnerability Description
AJ-Report是anji-plus开源的一个完全开源,拖拽编辑的可视化设计工具。 anji-plus AJ-Report 1.4.1及之前版本存在安全漏洞,该漏洞源于组件Javascript Handler的函数getValueFromJs存在反序列化漏洞。
CVSS Information
N/A
Vulnerability Type
N/A