Submeter #798583: 666ghj MiroFish 0.1.2 Missing Authentication for Critical Functionsinformação

Título666ghj MiroFish 0.1.2 Missing Authentication for Critical Functions
DescriçãoMiroFish v0.1.2 exposes 50+ REST API endpoints with absolutely zero authentication or authorization mechanisms. All endpoints, including destructive operations (project deletion, simulation process termination, report deletion, file deletion via shutil.rmtree), are publicly accessible to any network-reachable client. No session management, token validation, API key check, or any form of identity verification exists anywhere in the codebase.
Fonte⚠️ https://github.com/666ghj/MiroFish/issues/487
Utilizador
 Yu_Bao (UID 89348)
Submissão07/04/2026 08h51 (há 21 dias)
Moderação25/04/2026 17h57 (18 days later)
EstadoAceite
Entrada VulDB359621 [666ghj MiroFish até 0.1.2 REST API Endpoint backend/app/__init__.py create_app Autenticação fraca]
Pontos20

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!