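The vulnerability stems from a logic flaw in how the form-data library generates the multipart form encoding boundary value. Its core code (line 347) uses an insecure implementation: Math.floor(Math.random() * 10).toString(16). The pseudo-random numbers produced by Math.random are predictable; by observing its consecutive outputs, an attacker can accurately predict the boundary value and then manipulate HTTP requests and inject malicious parameters ...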