Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WebApi Authentication attribute missing in Smartstore
Vulnerability Description
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
yed 访问控制错误漏洞
Vulnerability Description
yed是Yworks的一款优秀的绘图软件。该产品可以快速的根据数据生成高质量图表,并且可以通过模板算法根据数据自动生成图表。 yed 中存在访问控制错误漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。
CVSS Information
N/A
Vulnerability Type
N/A