漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Information Disclosure via Flags override link
Vulnerability Description
Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allows a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint (.well-known/vercel/flags). This vulnerability allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the flags discovery endpoint, including the flag names, flag descriptions, available options and their labels (e.g. true, false), and default flag values. This issue has been patched in flags@4.0.0, users of flags and @vercel/flags should also migrate to flags@4.0.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Flags SDK 信息泄露漏洞
Vulnerability Description
Flags SDK是Vercel开源的一个Vercel的Flags SDK。 Flags SDK 3.2.0及之前版本和@vercel/flags 3.1.1及之前版本存在信息泄露漏洞,该漏洞源于信息泄露,可能导致访问功能标志列表。
CVSS Information
N/A
Vulnerability Type
N/A