Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CMSaasStarter: JWT Token Not Verified on Server Session
Vulnerability Description
CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 into your fork.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
SaaS Starter 数据伪造问题漏洞
Vulnerability Description
SaaS Starter是Critical Moments开源的一个开源、快速且免费托管的 SaaS 模板/样板。 SaaS Starter 存在数据伪造问题漏洞,该漏洞源于用户JWT令牌未在服务器会话上进行验证。
CVSS Information
N/A
Vulnerability Type
N/A