Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Para Inserts Sensitive Information into Log File for Facebook authentication
Vulnerability Description
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
para 日志信息泄露漏洞
Vulnerability Description
para是Erudika开源的一个多租户后端服务器,用于快速构建web和移动应用程序。 para 1.50.8之前版本存在日志信息泄露漏洞,该漏洞源于日志中明文记录访问令牌,可能导致令牌泄露。
CVSS Information
N/A
Vulnerability Type
N/A