漏洞标题
flitto express-param fetchParams.js 参数污染
漏洞描述信息
在flitto express-param的0.x版本中发现了一个漏洞,已被分类为严重。此漏洞影响了文件lib/fetchParams.js的未知部分。该操纵会导致额外参数处理不当。攻击可以远程发起。升级到版本1.0.0可以解决此问题。补丁的标识符为db94f7391ad0a16dcfcba8b9be1af385b25c42db。建议升级受影响的组件。该漏洞的标识符为VDB-217149。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
flitto express-param fetchParams.js parameter pollution
漏洞描述信息
A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
对额外参数处理不恰当
漏洞标题
express 安全漏洞
漏洞描述信息
express是expressjs开源的一个 Node.js 的快速、无限制、极简的 web 框架。 express 0.x版本及之前版本存在安全漏洞,该漏洞源于对额外参数处理不当。
CVSS信息
N/A
漏洞类别
其他