YoulongChen

8 issues opened by YoulongChen

### Problem description When I run "docker build --tag python-docker .", I encounter: ERROR: Could not find a version that satisfies the requirement apturl==0.5.2 (from versions: none) ERROR: No...

area/get-started
status/need-more-info

#python3 slicer4j.py -j ../benchmarks/SliceMe/target/SliceMe-1.0.0.jar -o /app/output -b SliceMe:17 -m "SliceMe" -d Instrumenting the JAR Instrumented jar is at: /app/output/SliceMe-1.0.0_i.jar Running the instrumented JAR Running instrumented JAR Slicing from line SliceMe:17...

# XSS Injection Vulnerability Report ## Vulnerability Summary Multiple Cross-Site Scripting (XSS) vulnerabilities exist in the application due to improper handling of user-supplied data. User input fields such as `username`...

Broken Access Control - Unauthorized Access to Other Users' Orders ### Description This issue is related to #98 and demonstrates the same security vulnerability. ### Reproduction Steps 1. Set up...

Avatar upload lets one user overwrite another’s profile image: `/member/imgaeUpload` accepts `userId` and `token` but never verifies that the token belongs to that user before updating DB records, so any...

- **Critical – Cart endpoints allow cross-account modifications**: Every `/member/*cart*` action takes a request body with `userId` and trusts it. A logged-in attacker can supply another user’s id to read...
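The two reports above (the cart endpoints that trust a `userId` in the request body, and `/member/imgaeUpload` accepting `userId` and `token` without checking that they belong together) describe the same broken access control pattern: the server lets the client name the account it will act on. The following is an added example, not code from the project these issues were filed against, that shows the insecure pattern beside the fix in a Spring MVC controller. `CartService`, `AvatarService`, `CartRequest` and `MemberPrincipal` are hypothetical types introduced only to make the example self-contained; the fix is to derive the account id from the authenticated principal and reject a client-supplied id that disagrees with it.

```java
// Added example, not the project's own code. Hypothetical collaborators
// declared here so the controller compiles on its own.
import java.util.List;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;

interface CartService { List<String> listItems(long userId); }           // hypothetical
interface AvatarService { void replaceAvatar(long userId, MultipartFile f); } // hypothetical
interface MemberPrincipal { long getId(); }                                // hypothetical

class CartRequest {                                                        // hypothetical DTO
    private Long userId;
    public Long getUserId() { return userId; }
    public void setUserId(Long userId) { this.userId = userId; }
}

@RestController
@RequestMapping("/member")
public class MemberController {

    private final CartService cartService;
    private final AvatarService avatarService;

    public MemberController(CartService cartService, AvatarService avatarService) {
        this.cartService = cartService;
        this.avatarService = avatarService;
    }

    // Vulnerable pattern from the report: the body's userId is trusted, so any
    // logged-in user can read another account's cart by changing that field.
    @PostMapping("/cart/list-insecure")
    public ResponseEntity<List<String>> listCartInsecure(@RequestBody CartRequest req) {
        return ResponseEntity.ok(cartService.listItems(req.getUserId()));
    }

    // Fixed: the account id comes from the session's authenticated principal.
    // A client-supplied userId is allowed only if it matches the caller; a
    // mismatch is rejected rather than silently ignored, so probing is visible.
    @PostMapping("/cart/list")
    public ResponseEntity<List<String>> listCart(@RequestBody CartRequest req, Authentication auth) {
        long callerId = currentUserId(auth);
        if (req.getUserId() != null && req.getUserId() != callerId) {
            throw new AccessDeniedException("userId does not match the authenticated user");
        }
        return ResponseEntity.ok(cartService.listItems(callerId));
    }

    // Fixed avatar upload: no userId or token is read from the request at all.
    // The row updated is always the caller's own, so a forged id cannot
    // overwrite another member's profile image.
    @PostMapping("/imgaeUpload")
    public ResponseEntity<Void> uploadAvatar(@RequestParam("file") MultipartFile file,
                                             Authentication auth) {
        long callerId = currentUserId(auth);
        avatarService.replaceAvatar(callerId, file);
        return ResponseEntity.ok().build();
    }

    // Resolves the caller's id from Spring Security's Authentication. Assumes
    // the configured principal type is the hypothetical MemberPrincipal.
    private static long currentUserId(Authentication auth) {
        if (auth == null || !auth.isAuthenticated()
                || !(auth.getPrincipal() instanceof MemberPrincipal)) {
            throw new AccessDeniedException("not authenticated");
        }
        return ((MemberPrincipal) auth.getPrincipal()).getId();
    }
}
```

The same rule applies to every `/member/*` action that touches per-user rows: the service layer should take the id from the authenticated context, and any id the client sends is at most a consistency check, never the key used for the database update.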

## Vulnerability Description **File Location**: `youlai-admin/admin-boot/src/main/java/com/youlai/admin/service/impl/SysDeptServiceImpl.java:181-187` **Severity Level**: High **Attack Vector**: REST API Endpoint ### Vulnerable Endpoint ```java @Operation(summary = "Delete Department") @DeleteMapping("/{ids}") @PreAuthorize("@ss.hasPerm('sys:dept:delete')") public Result deleteDepartments( @Parameter(description = "Department...

### Description This PR fixes sensitive information being logged in the SshHelper.sshExecute method. Fixes: #12025

component:logging