漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对一个或多个特殊元素实例的过滤不完全
Vulnerability Title
Validator.js 安全漏洞
Vulnerability Description
Validator.js是validatorjs开源的一个字符串验证器 Validator.js 13.15.22之前版本存在安全漏洞,该漏洞源于isLength函数未考虑Unicode变体选择器,可能导致字符串长度计算不当。
CVSS Information
N/A
Vulnerability Type
N/A