Отправить #798583: 666ghj MiroFish 0.1.2 Missing Authentication for Critical FunctionsИнформация

Название666ghj MiroFish 0.1.2 Missing Authentication for Critical Functions
ОписаниеMiroFish v0.1.2 exposes 50+ REST API endpoints with absolutely zero authentication or authorization mechanisms. All endpoints, including destructive operations (project deletion, simulation process termination, report deletion, file deletion via shutil.rmtree), are publicly accessible to any network-reachable client. No session management, token validation, API key check, or any form of identity verification exists anywhere in the codebase.
Источник⚠️ https://github.com/666ghj/MiroFish/issues/487
Пользователь
 Yu_Bao (UID 89348)
Представление07.04.2026 08:51 (21 дни назад)
Модерация25.04.2026 17:57 (18 days later)
Статуспринято
Запись VulDB359621 [666ghj MiroFish до 0.1.2 REST API Endpoint backend/app/__init__.py create_app слабая аутентификация]
Баллы20

ПредыдущийОбзорДалее

Might our Artificial Intelligence support you?

Check our Alexa App!