Vulnerability Information
Vulnerability Title
sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`
Vulnerability Description
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial of service, type confusion, and potential remote code execution in downstream applications that rely on polluted objects. This vulnerability is fixed in 2.27.4.
CVSS Information
N/A
Vulnerability Type
CWE-1321
Vulnerability Title
SvelteKit Security Vulnerability
Vulnerability Description
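SvelteKit is an open-source web development framework from Svelte. SvelteKit 2.27.3 and earlier contain a security vulnerability that stems from prototype pollution in the parseFormData function of formData.js, which may lead to denial of service, type confusion, and potential remote code execution.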
CVSS Information
N/A
Vulnerability Type
N/A