CVE-2017-20160
express-param vulnerable to Improper Handling of Extra Parameters
9.8
CRITICAL
CVSS 3.1
EPSS 0.57%
Description
A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file `lib/fetchParams.js`. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 can address this issue. The name of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability.
How to fix CVE-2017-20160
To remediate CVE-2017-20160, upgrade the affected package to the patched version listed below.
- Upgrade to 1.0.0 or later
Is CVE-2017-20160 being exploited?
Low: EPSS is 0.6%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)
- from 0, < 1.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |