Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
CWE-1321
Vulnerability Title
expand-object 安全漏洞
Vulnerability Description
expand-object是Jon Schlinkert个人开发者的一个使用简单符号将字符串展开为 JavaScript 对象的库。 expand-object存在安全漏洞,该漏洞源于expand函数存在原型污染。
CVSS Information
N/A
Vulnerability Type
N/A