Enviar #798583: 666ghj MiroFish 0.1.2 Missing Authentication for Critical Functionsinformación

Título666ghj MiroFish 0.1.2 Missing Authentication for Critical Functions
DescripciónMiroFish v0.1.2 exposes 50+ REST API endpoints with absolutely zero authentication or authorization mechanisms. All endpoints, including destructive operations (project deletion, simulation process termination, report deletion, file deletion via shutil.rmtree), are publicly accessible to any network-reachable client. No session management, token validation, API key check, or any form of identity verification exists anywhere in the codebase.
Fuente⚠️ https://github.com/666ghj/MiroFish/issues/487
Usuario
 Yu_Bao (UID 89348)
Sumisión2026-04-07 08:51 (hace 2 meses)
Moderación2026-04-25 17:57 (18 days later)
EstadoAceptado
Entrada de VulDB359621 [666ghj MiroFish hasta 0.1.2 REST API Endpoint backend/app/__init__.py create_app autenticación débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!