Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dioxus Components has JavaScript injection via user-supplied IDs
Vulnerability Description
Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue.
CVSS Information
N/A
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
Dioxus Components 安全漏洞
Vulnerability Description
Dioxus Components是Dioxus Labs开源的一个基础组件。 Dioxus Components 41e4242ecb1062d04ae42a5215363c1d9fd4e23a之前版本存在安全漏洞,该漏洞源于use_animated_open函数使用用户提供的id格式化eval字符串,可能导致代码注入。
CVSS Information
N/A
Vulnerability Type
N/A