litemall

Yet another small mall. litemall = Spring Boot backend + Vue admin frontend + WeChat mini-program user frontend + Vue mobile user frontend

Results 53 litemall issues

Bumps [serve-static](https://github.com/expressjs/serve-static) from 1.13.2 to 1.16.0. Release notes Sourced from serve-static's releases. 1.16.0 What's Changed Remove link renderization in html while redirecting (expressjs/serve-static#173) New Contributors @​UlisesGascon made their first contribution...

dependencies
javascript

SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, name parameters of the AdminOrderController.java component. 1. Steps to reproduce: Open goods management; in the nickname field enter 1...

![Image](https://github.com/user-attachments/assets/6108bdab-8106-4e95-9a8c-d4f04946d1b5) The old domain registry.npm.taobao.org has been retired (invalid after May 2022). The new domain is: https://registry.npmmirror.com

![Snipaste_2024-11-16_11-58-34](https://github.com/user-attachments/assets/abba9437-92e2-4f6c-ab66-150e29075b56) ###### desc is a keyword MySQL uses for sorting

Bumps [vue](https://github.com/vuejs/core) from 2.6.10 to 3.0.0. Changelog Sourced from vue's changelog. 3.0.0 (2020-09-18) 3.0.0-rc.13 (2020-09-18) Bug Fixes hmr: make hmr working with class components (#2144) (422f05e) reactivity: avoid length mutating...

dependencies
javascript

# Hardcoded JWT Secret Vulnerability in Litemall (≤ v1.8.0) (CWE-798) ## Summary A hardcoded JWT secret vulnerability exists in **Litemall versions ≤ 1.8.0**. The issue is located in: ``` litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java...

# Stored XSS Vulnerability in `/wx/storage/upload` (Litemall ≤ v1.8.0) ### Summary A **stored cross-site scripting (XSS)** vulnerability exists in **Litemall versions ≤ 1.8.0** at the `/wx/storage/upload` endpoint. The application does...

# Summary A logic vulnerability exists on the endpoint /admin/config/express, where logistics costs can be set to negative values, resulting in economic losses. # POC ``` POST /admin/config/express HTTP/1.1 Host:...