### Key Information

#### Vulnerability Type

- **Incorrect Access Control vulnerability**

#### Affected Versions

- **latest**

#### Issue Description

- There is an authentication bypass vulnerability. Attackers can exploit it to reach the `/capsi/` API without presenting any token.

#### Source Code Analysis

1. **Affected Source Code Class**: `com.wmallchat.common.common.interceptor.TokenInterceptor`
2. **Critical Function**: `preHandle`
3. **Issue Point**:
   - The interceptor uses `request.getRequestURI()` to retrieve the request path. This method returns the raw, un-normalized URI: special characters such as `..` segments are not resolved, so the value compared against the protected prefix differs from the path the servlet container actually routes to, and a crafted path can bypass the check.
   - When `server.servlet.context-path` is configured with a non-empty value, attackers can bypass the authentication check via specific paths.

#### Vulnerability Reproduction Steps

1. Directly accessing `http://localhost:8880/capsi/user/userInfo` returns an error response.
2. Accessing `http://localhost:8880/xxx/yyy/public/../../../../demo/capsi/user/userInfo` bypasses the authentication check and successfully reaches the interface.

#### Example Responses

- **Without Authentication Bypass**:

```json
{
  "success": false,
  "errorCode": 600,
  "errMsg": "Illegal request, please log in again"
}
```

- **After Authentication Bypass**:

```json
{
  "success": true,
  "errno": null,
  "errmsg": null,
  "data": {
    "id": null,
    "avatar": null,
    "sex": null,
    "multiChance": 0
  }
}
```
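The root cause described above is a prefix check performed on the raw request URI instead of on the normalized path that the container actually dispatches. The following added example (not code from the project or the reporter) models that check in Python so the two behaviours can be compared side by side: `requires_token_raw` mirrors the flawed `getRequestURI()` comparison, while `requires_token_normalized` first percent-decodes and collapses dot segments, strips the context path, and only then tests the `/capsi/` prefix. The context path `/demo` is an assumption inferred from the reproduction URL; the sample paths are the two from the reproduction steps.

```python
import posixpath
from urllib.parse import unquote

# Assumed deployment values: the context path is inferred from the
# reproduction URL on the page, the protected prefix from the report.
CONTEXT_PATH = "/demo"
PROTECTED_PREFIX = "/capsi/"


def normalize_request_path(raw_uri: str) -> str:
    """Turn a raw request URI into the path the container will actually route.

    getRequestURI() hands back the undecoded, un-normalized string, so an
    interceptor must decode once and resolve '.' / '..' segments itself
    before comparing against any access-control prefix.
    """
    path = unquote(raw_uri)              # single percent-decode, like the container
    path = posixpath.normpath(path)      # "/a/b/../c" -> "/a/c"; ".." above root is dropped
    return "/" + path.lstrip("/")        # normpath keeps a leading "//"; collapse it


def strip_context_path(path: str) -> str:
    """Remove the configured context path so the check sees the servlet path."""
    if path.startswith(CONTEXT_PATH + "/"):
        return path[len(CONTEXT_PATH):]
    return path


def requires_token_raw(raw_uri: str) -> bool:
    """The flawed check: prefix-match the raw URI without normalization."""
    return raw_uri.startswith(CONTEXT_PATH + PROTECTED_PREFIX)


def requires_token_normalized(raw_uri: str) -> bool:
    """The hardened check: normalize first, then strip the context path and match."""
    servlet_path = strip_context_path(normalize_request_path(raw_uri))
    return servlet_path.startswith(PROTECTED_PREFIX)


def decide(raw_uri: str, has_token: bool, checker) -> str:
    """Return 'allow' or 'deny' for a request, using the given prefix checker."""
    if checker(raw_uri) and not has_token:
        return "deny"
    return "allow"


if __name__ == "__main__":
    # The two request paths from the reproduction steps (constructed sample input).
    direct = "/demo/capsi/user/userInfo"
    traversal = "/xxx/yyy/public/../../../../demo/capsi/user/userInfo"
    for uri in (direct, traversal):
        print(f"{uri}")
        print(f"  routes to          : {normalize_request_path(uri)}")
        print(f"  raw check (no token): {decide(uri, False, requires_token_raw)}")
        print(f"  normalized (no token): {decide(uri, False, requires_token_normalized)}")
```

Both paths resolve to the same handler, but only the normalized checker denies the token-less traversal request; the raw checker lets it through because the literal string never starts with `/demo/capsi/`. In a real interceptor the equivalent fix is to derive the compared path from a normalized servlet path rather than from `getRequestURI()`, and to fail closed when the normalized path does not sit under the configured context path.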