| 제목 | 666ghj MiroFish 0.1.2 Missing Authentication for Critical Functions |
|---|
| 설명 | MiroFish v0.1.2 exposes 50+ REST API endpoints with absolutely zero authentication or authorization mechanisms. All endpoints, including destructive operations (project deletion, simulation process termination, report deletion, file deletion via shutil.rmtree), are publicly accessible to any network-reachable client. No session management, token validation, API key check, or any form of identity verification exists anywhere in the codebase. |
|---|
| 원천 | ⚠️ https://github.com/666ghj/MiroFish/issues/487 |
|---|
| 사용자 | Yu_Bao (UID 89348) |
|---|
| 제출 | 2026. 04. 07. AM 08:51 (20 날 ago) |
|---|
| 모더레이션 | 2026. 04. 25. PM 05:57 (18 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359621 [666ghj MiroFish 까지 0.1.2 REST API Endpoint backend/app/__init__.py create_app 약한 인증] |
|---|
| 포인트들 | 20 |
|---|