Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
ScratchOAuth2 授权问题漏洞
Vulnerability Description
Kenny2github ScratchOAuth2是Kenny2github开源的一个应用软件。验证Scratch帐户是否真实,以用于授权或识别。 ScratchOAuth2 存在安全漏洞,该漏洞源于SpecificApps REST API中密钥授权机制存在问题,用户控制的密钥利用授权绕过,允许应用程序所有者设置标志表明应用程序是否在他们自己的应用程序上验证。
CVSS Information
N/A
Vulnerability Type
N/A