Vulnerability Information
Vulnerability Title
Swiper has a Prototype Pollution Vulnerability
Vulnerability Description
Swiper is a free mobile touch slider with hardware-accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf() function is used to check whether user-provided input contains forbidden strings. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using Array.prototype. The exploit works across Windows and Linux and on Node and Bun runtimes. Any application that processes attacker-controlled input using this package may be affected by the following: Authentication Bypass, Denial of Service and RCE. This issue is fixed in version 12.1.2.
CVSS Information
N/A
Vulnerability Type
CWE-1321
Vulnerability Title
Swiper Security Vulnerability
Vulnerability Description
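Swiper is a free mobile touch slider by individual developer Vladimir Kharlampidi. It is intended for use in mobile websites, mobile web applications, and mobile native applications. Swiper versions 6.5.1 through 12.1.1 contain a security vulnerability that stems from prototype pollution and may lead to authentication bypass, denial of service, and remote code execution.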
CVSS Information
N/A
Vulnerability Type
N/A
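A dependency check for the affected range stated above (6.5.1 through 12.1.1, fixed in 12.1.2), as an added example that is not part of the original advisory or the Swiper project. It assumes npm's package-lock.json v2/v3 `packages` map; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag Swiper installs that fall in the advisory's affected range.
// Range taken from the description: 6.5.1 <= version <= 12.1.1 (fixed in 12.1.2).
const AFFECTED_MIN = [6, 5, 1];
const AFFECTED_MAX = [12, 1, 1];

// Parse "major.minor.patch"; any prerelease/build suffix is ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric comparison per component, so 6.10.0 sorts above 6.5.1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, AFFECTED_MIN) >= 0 && compare(v, AFFECTED_MAX) <= 0;
}

// Walk the lockfile "packages" map so nested copies
// (node_modules/<dep>/node_modules/swiper) are reported as well as the top-level one.
function findAffectedSwiper(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/swiper$/.test(path)) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/swiper": { version: "12.1.2" },
    "node_modules/widget/node_modules/swiper": { version: "11.0.4" },
    "node_modules/legacy/node_modules/swiper": { version: "6.5.0" },
  },
};

console.log(findAffectedSwiper(SAMPLE_LOCK));
```

To check a real project, pass the parsed contents of its package-lock.json to `findAffectedSwiper`; transitive copies pinned by other dependencies are the ones most easily missed after upgrading the top-level package.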