CNNVD-202602-925 Information
CNNVD ID
CNNVD-202602-925
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
@adonisjs/lucid是AdonisJS Framework开源的一个数据库对象关系映射库。 @adonisjs/lucid 10.1.3之前版本和11.0.0-next.9之前版本存在安全漏洞,该漏洞源于多部分表单数据解析中存在原型污染,可能导致远程攻击者操纵对象原型。
Description (English)
@adonisjs/lucid is an open-source database of AdonisJS Framework. @adonisjs/lucid 10.1.3 and 11.0.0-next.9 have security loopholes, which stem from the presence of prototype contamination in multi-part table data analysis, which may lead to remote attackers manipulating the object prototype.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
AdonisJS Framework
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9 https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c https://access.redhat.com/security/cve/cve-2026-25754
Patch
https://github.com/adonisjs/bodyparser/releases
Share on: