CNNVD-202601-1351 Information

CNNVD ID

CNNVD-202601-1351

Related CVE

CVE-2024-14020

• CNNVD Published: 2026-01-07

Description (Chinese)

carbone是CarboneIO开源的一个报告生成器。 carbone存在安全漏洞，该漏洞源于对lib/input.js文件中Formatter Handler组件操作不当，可能导致原型污染攻击。

Description (English)

Carbone is a report generator from the CarboneIO open source. Carbone had a security loophole, which stemmed from the improper operation of the Formatter Handler component in the lib/input.js document, which could lead to a prototype pollution attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

CarboneIO

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/carboneio/carbone/commit/04f9feb24bfca23567706392f9ad2c53bbe4134e https://vuldb.com/?ctiid.339503 https://github.com/carboneio/carbone/releases/tag/3.5.6 https://vuldb.com/?id.339503 https://access.redhat.com/security/cve/cve-2024-14020