Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SamuNatsu HaloBot Inter-plugin API index.js html_renderer dynamically-managed code resources
Vulnerability Description
A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component Inter-plugin API. Executing manipulation of the argument action can lead to dynamically-managed code resources. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
动态管理代码资源的控制不恰当
Vulnerability Title
HaloBot 安全漏洞
Vulnerability Description
HaloBot是SNRainiar个人开发者的一个机器人框架。 HaloBot存在安全漏洞,该漏洞源于对文件plugins/html_renderer/index.js中参数action的错误操作,可能导致动态管理代码资源。
CVSS Information
N/A
Vulnerability Type
N/A