Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
szluyu99 gin-vue-blog PATCH Request manager.go improper authorization
Vulnerability Description
A vulnerability was found in szluyu99 gin-vue-blog up to 61dd11ccd296e8642a318ada3ef7b3f7776d2410. It has been declared as critical. This vulnerability affects unknown code of the file gin-blog-server/internal/manager.go of the component PATCH Request Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
szluyu99 gin-vue-blog 安全漏洞
Vulnerability Description
szluyu99 gin-vue-blog是Zhenyu个人开发者的一个Golang 全栈博客,支持 Docker Compose 一键部署。基于最新前后端技术栈 Vue3、TS、Unocs 、Redis 等。前端包含博文展示前台、博客后台管理系统。后端包含 JWT 鉴权、RBAC 权限控制等。 szluyu99 gin-vue-blog存在安全漏洞,该漏洞源于授权不当问题,可能导致未授权访问。
CVSS Information
N/A
Vulnerability Type
N/A