| Title | RYMCU forest V1.0 Missing Authentication |
|---|---|
| Description | The application contains a critical security flaw in the Lucene user dictionary management API where ANY unauthenticated user can perform Create, Read, Update, and Delete (CRUD) operations on the system-wide search dictionary. This dictionary directly affects the full-text search functionality across the entire application, including article search, user search, and tag recognition. |
| Source | https://github.com/rymcu/forest/issues/199 |
| User | 1098024193 (UID 45260) |
| Submission | 10/23/2025 11:35 (6 months ago) |
| Moderation | 11/09/2025 07:54 (17 days later) |
| Status | Accepted |
| VulDB entry | 331645 [rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224 UserDicController.java getAll/addDic/getAllDic/deleteDic authorization] |
| Points | 19 |