Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Maker.js Vulnerable to Unsafe Property Copying in makerjs.extendObject
Vulnerability Description
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the `makerjs.extendObject` function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks `hasOwnProperty()` checks and does not filter dangerous keys, allowing inherited properties and potentially malicious properties to be copied to target objects. A patch is available in commit 85e0f12bd868974b891601a141974f929dec36b8, which is expected to be part of version 0.19.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
CWE-1321
Vulnerability Title
Maker.js 安全漏洞
Vulnerability Description
Maker.js是Microsoft开源的一个二维矢量线绘制和形状建模工具。 Maker.js 0.19.1及之前版本存在安全漏洞,该漏洞源于makerjs.extendObject函数复制源对象属性时缺乏适当验证,可能允许复制继承的或恶意的属性,从而带来安全风险。
CVSS Information
N/A
Vulnerability Type
N/A