Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未经控制的递归
Vulnerability Title
Express XSS Sanitizer 安全漏洞
Vulnerability Description
Express XSS Sanitizer是AhmedAdelFahim个人开发者的用于清理用户输入数据(在 req.body、req.query、req.headers 和 req.params 中)以防止跨站脚本 (XSS) 攻击。 Express XSS Sanitizer 2.0.0及之前版本存在安全漏洞,该漏洞源于lib/sanitize.js中对JSON请求体的清理函数存在无限递归,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A