Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Authorization in /user/namespace/{namespace}/details
Vulnerability Description
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in /user/namespace/{namespace}/details/logo and allowed a user to change the logo.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
Eclipse Open VSX 安全漏洞
Vulnerability Description
Eclipse Open VSX是Eclipse开源的一个代码扩展的开源注册表。 Eclipse Open VSX v0.9.0版本至v0.20.0版本存在安全漏洞,该漏洞源于/user/namespace/{namespace}/details API允许用户编辑所有命名空间详细信息,即使用户不是命名空间所有者或贡献者。
CVSS Information
N/A
Vulnerability Type
N/A