Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution vulnerabilities by injecting malicious input values (e.g., "__proto__"), enabling unauthorized modification of the JavaScript Object prototype chain. Successful exploitation could lead to denial of service conditions, unexpected application behavior, or potential execution of arbitrary code in contexts where polluted properties are later accessed or executed. The issue affects versions prior to 7.0.11 and remains unpatched at the time of disclosure.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
dagre-d3-es 安全漏洞
Vulnerability Description
dagre-d3-es是Teebo个人开发者的一个js库。 dagre-d3-es 7.0.11之前版本存在安全漏洞,该漏洞源于bk模块的addConflict函数未正确清理用户输入,可能导致原型污染攻击。
CVSS Information
N/A
Vulnerability Type
N/A