opengoofy / hippo4j

📌 Asynchronous thread pool framework that supports dynamic thread pool changes, monitoring, and alarms; easy to introduce with no code modifications.
https://hippo4j.cn
Apache License 2.0
5.59k stars 1.18k forks

[Bug] hippo4j monitors unauthorized access vulnerabilities #1062

Open laoquanshi opened 1 year ago

laoquanshi commented 1 year ago

In the ItemController of the tenant management module of hippo4j, there is an unauthorized access vulnerability in the new project information. The saveItem method does not authenticate the user performing the current operation, resulting in any user accessing the POST /hippo4j/v1/cs/item/save interface to add malicious new items.

Affected version: hippo4j 1.4.3 (Nov 06, 2022)
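An added example, not part of the original report or of hippo4j's code: one way to audit reverse-proxy access logs for item saves that were accepted without credentials on the endpoint named above. The log layout (a trailing `auth=present|absent` field), the assumption that a rejected request returns a non-2xx status, and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Endpoint named in the report.
SAVE_ITEM_PATH = "/hippo4j/v1/cs/item/save"

# Assumed log layout (not from hippo4j): combined-style line with a trailing
# auth=present|absent field emitted by the reverse proxy.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ auth=(?P<auth>present|absent)$'
)

def unauthenticated_saves(lines):
    """Return {source_ip: [timestamps]} for accepted item saves sent without credentials."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in another format
        # Ignore query string and trailing slash when comparing the path.
        path = urlsplit(m["target"]).path.rstrip("/")
        if (m["method"] == "POST" and path == SAVE_ITEM_PATH
                and m["auth"] == "absent" and m["status"].startswith("2")):
            hits[m["ip"]].append(m["ts"])
    return dict(hits)

# Constructed sample lines (documentation-range addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Nov/2022:10:00:01 +0000] "POST /hippo4j/v1/cs/item/save HTTP/1.1" 200 57 auth=present
198.51.100.7 - - [06/Nov/2022:10:02:13 +0000] "POST /hippo4j/v1/cs/item/save HTTP/1.1" 200 57 auth=absent
198.51.100.7 - - [06/Nov/2022:10:02:15 +0000] "POST /hippo4j/v1/cs/item/save?x=1 HTTP/1.1" 200 57 auth=absent
203.0.113.5 - - [06/Nov/2022:10:03:40 +0000] "POST /hippo4j/v1/cs/item/save HTTP/1.1" 401 0 auth=absent
203.0.113.5 - - [06/Nov/2022:10:04:02 +0000] "GET /hippo4j/v1/cs/item/save HTTP/1.1" 405 0 auth=absent
""".splitlines()

if __name__ == "__main__":
    for ip, stamps in unauthenticated_saves(SAMPLE_LOG).items():
        print(f"{ip}: {len(stamps)} unauthenticated item save(s), first at {stamps[0]}")
```

Any source address it reports is a lead for reviewing which items were created at those timestamps.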

magestacks commented 1 year ago

I will follow up on this question.

laoquanshi commented 1 year ago

OK