CNNVD-202601-3189 Information
CNNVD ID
CNNVD-202601-3189
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
Binary-parser是Keichi Takahashi个人开发者的一个构建工具。 Binary-parser 2.3.0之前版本存在安全漏洞,该漏洞源于在解析器字段名或编码参数中使用不可信值时直接将其插入动态生成的代码,可能导致任意JavaScript代码执行。
Description (English)
Binary-parser is a construction tool for Keichi Takahashi personal developers. Prior to Binary-parser 2.3.0, there was a security loophole, which resulted from the direct insertion of untrustworthy values into dynamic-generated codes when they were used in the solver field name or encoder parameter, which could lead to the execution of any JavaScript code.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-01-20
Last Modified
2026-02-24
References
https://www.npmjs.com/package/binary-parser https://github.com/keichi/binary-parser/pull/283 https://www.kb.cert.org/vuls/id/102648 https://kb.cert.org/vuls/id/102648 https://access.redhat.com/security/cve/cve-2026-1245
Patch
https://github.com/keichi/binary-parser/releases
Share on: