RSS   Podatności dla 'Pomelo'   RSS

2019-11-14
 
CVE-2019-18954

CWE-74
 

 
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input.

 

 >>> Vendor: Netease 8 Produkty
Neteaseweibo
Netease cloudalbum
Youdao dictionary
Netease reader
Netease pmail
Netease weibohd
Pomelo
Pomelo-monitor


Copyright 2024, cxsecurity.com

 

Back to Top