漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Koa has Inefficient Regular Expression Complexity
Vulnerability Description
Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 fix the issue.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
Koa 安全漏洞
Vulnerability Description
Koa是Koa.js开源的一个中间件。 Koa存在安全漏洞,该漏洞源于使用恶意正则表达式来解析X-Forwarded-Proto和X-Forwarded-HostHTTP 标头。
CVSS Information
N/A
Vulnerability Type
N/A