Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
对一个或多个特殊元素实例的过滤不完全
Vulnerability Title
Validator.js 安全漏洞
Vulnerability Description
Validator.js是validatorjs开源的一个字符串验证器 Validator.js 13.15.22之前版本存在安全漏洞,该漏洞源于isLength函数未考虑Unicode变体选择器,可能导致字符串长度计算不当。
CVSS Information
N/A
Vulnerability Type
N/A