Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IPX is Vulnerable to Path Traversal via Prefix Matching Bypass
Vulnerability Description
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
IPX 安全漏洞
Vulnerability Description
IPX是UnJS开源的一个图像优化器。 IPX 1.3.1及之前版本、2.0.0-0版本至2.1.0版本和3.0.0版本至3.1.0版本存在安全漏洞,该漏洞源于路径前缀检查不当,可能导致路径前缀绕过。
CVSS Information
N/A
Vulnerability Type
N/A