漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute
Vulnerability Description
Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri() function when passed to preg_match(). Attackers can persist malformed JSON records that permanently crash the server-side HTML rendering pipeline for all subsequent viewers of that record until the database entry is manually repaired.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
非预期数据类型处理不恰当
Vulnerability Title
Tiptap 输入验证错误漏洞
Vulnerability Description
Tiptap Tiptap是Tiptap组织开源的一个开源的无头编辑器框架,提供 100+ 扩展及协作、AI 智能体、文档转换等付费功能,帮助开发者快速构建自定义的富文本编辑器。 Tiptap 2.1.1之前版本存在输入验证错误漏洞,该漏洞源于输入验证存在缺陷,可能导致经过身份验证的攻击者通过提交包含特制attrs.href字段的Tiptap JSON,触发Link::isAllowedUri()函数中的未处理类型错误,从而造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A