漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Para Inserts Sensitive Information into Log File for Facebook authentication
Vulnerability Description
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
para 日志信息泄露漏洞
Vulnerability Description
para是Erudika开源的一个多租户后端服务器,用于快速构建web和移动应用程序。 para 1.50.8之前版本存在日志信息泄露漏洞,该漏洞源于日志中明文记录访问令牌,可能导致令牌泄露。
CVSS Information
N/A
Vulnerability Type
N/A