漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State
Vulnerability Description
@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state. This may lead to logic bypasses and unauthorized record modification within a table or model. This affects @adonisjs/lucid through version 21.8.1 and 22.x pre-release versions prior to 22.0.0-next.6. This has been patched in @adonisjs/lucid versions 21.8.2 and 22.0.0-next.6.
CVSS Information
N/A
Vulnerability Type
CWE-915
Vulnerability Title
@adonisjs/lucid 安全漏洞
Vulnerability Description
@adonisjs/lucid是AdonisJS Framework开源的一个数据库对象关系映射库。 @adonisjs/lucid 21.8.2之前版本和22.0.0-next.6之前版本存在安全漏洞,该漏洞源于存在批量分配漏洞,可能导致逻辑绕过和未经授权的记录修改。
CVSS Information
N/A
Vulnerability Type
N/A