CNNVD-202511-981 Information
Nov 10, 2025
cve
CNNVD ID
CNNVD-202511-981
Related CVE
- CNNVD Published: 2025-11-10
Description (Chinese)
forest是RYMCU开源的一款现代化的知识社区后台项目,使用 SpringBoot + Shiro + MyBatis + JWT + Redis 实现。 forest存在安全漏洞,该漏洞源于文件src/main/java/com/rymcu/forest/web/api/bank/BankController.java中的GlobalResult函数缺少授权,可能导致远程攻击。
Description (English)
Forest is a modern knowledge community back-office project with SpringBoot + Shiro + MyBatis + JWT + Redis. There is a security loophole in the forest, which stems from the lack of authorization of the GlobalResult function in the document src/main/java/com/rymcu/forest/web/api/bank/BankController.java, which could lead to a remote attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
RYMCU
Published
2025-11-10
Last Modified
2026-02-24
References
https://github.com/rymcu/forest/issues/198 https://vuldb.com/?ctiid.331644 https://vuldb.com/?id.331644 https://vuldb.com/?submit.681079
Share on: