oasys
oasys copied to clipboard
misstt123
办公自动化(OA)是面向组织的日常运作和管理,员工及管理者使用频率最高的应用系统,极大提高公司的办公效率。oasys是一个OA办公自动化系统,使用Maven进行项目管理,基于springboot框架开发的项目,mysql底层数据...
Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.2.36 to 1.2.83. Release notes Sourced from fastjson's releases. FASTJSON 1.2.83版本发布(安全修复) 这是一个安全修复版本,修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞,建议fastjson用户尽快采取安全措施保障系统安全。 安全修复方案 :https://github.com/alibaba/fastjson/wiki/security_update_20220523 Issues 安全加固 修复JDK17下setAccessible报错的问题 #4077 下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/ 文档 https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98 源码 https://github.com/alibaba/fastjson/tree/1.2.83 fastjson 1.2.79版本发布,BUG修复 这又是一个bug...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Hey there! I belong to an open source security research community, and a member (@shadowfl0w) has found an issue, but doesn’t know the best way to disclose it. If not...
Cross SIte Scripting (XSS) vulnerability exists in oasys By accessing the new plan function of plan management in the work plan on the background page, insert the < script >...
Bumps commons-io from 2.5 to 2.7. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps commons-fileupload from 1.3.2 to 1.3.3. [](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
java.lang.NullPointerException at cn.gson.oasys.controller.mail.MailController.push(MailController.java:697) 我发送不过去给soli 在soli里没有(但是我的发件箱里有) 且点发送 就报上面
1、During the function point test, it was found that there was a user panel  2、I found that it has the function of writing sticky notes  3、Use admin account...
oasys has arbitrary file download  By looking at the ProcedureController.java file in the source code, it is found that although the filtering is done through the tomcat framework, /show...
# Incorrect Access Control of Schedule's Deletion The system has a scheduling management feature, where each user's schedule is independent and private. However, the current system has a problem with...
# CSRF-oasys by [misstt123](https://github.com/misstt123) The entire system has a CSRF vulnerability, so there is no specific vulnerability point. The following uses the administrator's user addition function as an example for...