漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
zhinianboke xianyu-auto-reply Backend User Endpoint users authorization
Vulnerability Description
A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The patch is named 19fc3282a1bb78a05c34945c088525d20e081cbd. Applying a patch is the recommended action to fix this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
zhinianboke xianyu-auto-reply 授权问题漏洞
Vulnerability Description
zhinianboke xianyu-auto-reply是zhinianboke个人开发者的一款自动回复辅助软件。 zhinianboke xianyu-auto-reply存在授权问题漏洞,该漏洞源于Backend User Endpoint组件中文件/api/v1/users/的未知函数存在授权缺失,可能导致远程攻击。
CVSS Information
N/A
Vulnerability Type
N/A