CNNVD-202511-980 Information

CNNVD ID

CNNVD-202511-980

CVE-2025-12925

  • CNNVD Published: 2025-11-10

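Description (translated from Chinese)

forest is a modern knowledge-community back-end project open-sourced by RYMCU, implemented with SpringBoot + Shiro + MyBatis + JWT + Redis. forest contains a security vulnerability caused by missing authorization in the functions getAll/addDic/getAllDic/deleteDic in the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java, which may be attacked remotely.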

Description (English)

Forest is a modern knowledge community back-end project built with SpringBoot + Shiro + MyBatis + JWT + Redis. Forest contains a security vulnerability that stems from missing authorization in the functions getAll/addDic/getAllDic/deleteDic in the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java, which could be attacked remotely.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

RYMCU

Published

2025-11-10

Last Modified

2026-02-24

References

  • https://github.com/rymcu/forest/issues/199
  • https://vuldb.com/?ctiid.331645
  • https://vuldb.com/?id.331645
  • https://vuldb.com/?submit.681080
