Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
whyour qinglong API express.ts protection mechanism
Vulnerability Description
A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.20.2 is able to address this issue. The identifier of the patch is 6bec52dca158481258315ba0fc2f11206df7b719. It is advisable to upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
保护机制失效
Vulnerability Title
qinglong 安全漏洞
Vulnerability Description
qinglong是whyour个人开发者的一个支持 Python3、JavaScript、Shell、Typescript 的定时任务管理平台。 qinglong 2.20.1及之前版本存在安全漏洞,该漏洞源于对文件back/loaders/express.ts中参数command的操作可能导致保护机制失效。
CVSS Information
N/A
Vulnerability Type
N/A