Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
rymcu forest BankController.java GlobalResult authorization
Vulnerability Description
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
forest 安全漏洞
Vulnerability Description
forest是RYMCU开源的一款现代化的知识社区后台项目,使用 SpringBoot + Shiro + MyBatis + JWT + Redis 实现。 forest存在安全漏洞,该漏洞源于文件src/main/java/com/rymcu/forest/web/api/bank/BankController.java中的GlobalResult函数缺少授权,可能导致远程攻击。
CVSS Information
N/A
Vulnerability Type
N/A