Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
auth-js Vulnerable to Insecure Path Routing from Malformed User Input
Vulnerability Description
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best practice and validate user controlled inputs, such as the userId are not affected by this. This issue has been patched in version 2.69.1.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
auth-js 路径遍历漏洞
Vulnerability Description
auth-js是Supabase开源的一个Supabase Auth的同构Javascript库。 auth-js 2.69.1之前版本存在路径遍历漏洞,该漏洞源于未验证用户提供的UUID,可能导致URL路径遍历。
CVSS Information
N/A
Vulnerability Type
N/A