漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
rymcu forest BankController.java GlobalResult authorization
Vulnerability Description
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
forest 安全漏洞
Vulnerability Description
forest是RYMCU开源的一款现代化的知识社区后台项目,使用 SpringBoot + Shiro + MyBatis + JWT + Redis 实现。 forest存在安全漏洞,该漏洞源于文件src/main/java/com/rymcu/forest/web/api/bank/BankController.java中的GlobalResult函数缺少授权,可能导致远程攻击。
CVSS Information
N/A
Vulnerability Type
N/A