| عنوان | 666ghj MiroFish 0.1.2 Missing Authentication for Critical Functions |
|---|
| الوصف | MiroFish v0.1.2 exposes 50+ REST API endpoints with absolutely zero authentication or authorization mechanisms. All endpoints, including destructive operations (project deletion, simulation process termination, report deletion, file deletion via shutil.rmtree), are publicly accessible to any network-reachable client. No session management, token validation, API key check, or any form of identity verification exists anywhere in the codebase. |
|---|
| المصدر | ⚠️ https://github.com/666ghj/MiroFish/issues/487 |
|---|
| المستخدم | Yu_Bao (UID 89348) |
|---|
| ارسال | 07/04/2026 08:51 AM (20 أيام منذ) |
|---|
| الاعتدال | 25/04/2026 05:57 PM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 359621 [666ghj MiroFish حتى 0.1.2 REST API Endpoint backend/app/__init__.py create_app توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|