Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
seroval Affected by Prototype Pollution via JSON Deserialization
Vulnerability Description
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON deserialization functionality. This issue is fixed in version 1.4.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
CWE-1321
Vulnerability Title
seroval 安全漏洞
Vulnerability Description
seroval是Alexis H. Munsayac个人开发者的一个格式化Java库。 seroval 1.4.0及之前版本存在安全漏洞,该漏洞源于JSON反序列化过程中输入验证不当,可能导致原型污染。
CVSS Information
N/A
Vulnerability Type
N/A