Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Formio improperly authorized permission elevation through specially crafted request path
Vulnerability Description
Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized request could retrieve data from endpoints that should be protected. This issue is fixed in versions 3.5.7 and 4.4.3.
CVSS Information
N/A
Vulnerability Type
大小写敏感处理不恰当
Vulnerability Title
Form.io 信息泄露漏洞
Vulnerability Description
Form.io是美国Form.io公司的一个用于无服务器应用程序的组合表单和 API 平台。 Form.io 3.5.6之前版本和4.0.0-rc.1至4.4.2版本存在信息泄露漏洞,该漏洞源于路径处理存在缺陷,可能导致攻击者通过特制请求路径访问受保护的API端点。
CVSS Information
N/A
Vulnerability Type
N/A