Vulnerability Information
Vulnerability Title
Malicious users can take over the session of other players
Vulnerability Description
Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Vulnerability Type
Session Fixation
Vulnerability Title
math-geon Geon Authorization Issue Vulnerability
Vulnerability Description
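math-geon Geon is a board game based on solving questions about the Pythagorean Theorem. math-geon Geon has an authorization issue vulnerability. An attacker can exploit it to obtain the uuid from other users, spoof that uuid through the browser console and become a co-owner of the target session. This issue has been fixed in version 1.1.0.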
CVSS Information
N/A
Vulnerability Type
N/A