漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve authentication bypass.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
mall-tiny 安全漏洞
Vulnerability Description
mall-tiny是macro个人开发者的一款快速开发脚手架。 mall-tiny 1.0.1版本存在安全漏洞,该漏洞源于存在权限不安全问题,导致攻击者可伪造任意用户的JWT来实现认证绕过。
CVSS Information
N/A
Vulnerability Type
N/A