[security issue] In jeecg-boot versions less than or equal to 2.4.5, the httptrace interface allows unauthorized access and leaks sensitive information such as user cookies
#2793
Version:
2.4.5

Problem description:
Unauthorized access to the httptrace interface reveals sensitive information such as user cookies

Screenshots & code:
API interface: http://Ip:8080/jeecg-boot/actuator/httptrace/
This interface does not require any login permissions
local demo
Many jeecg-boot frameworks have such vulnerabilities, such as
The leaked information includes client IP, browser user agent, cookie, token, etc.

Friendly reminder: posts that do not follow the required format will be deleted.
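For operators who find this endpoint was reachable on their own deployment, the following added example (not part of the original issue or of jeecg-boot's code) parses a saved httptrace response body and lists which recorded requests carried credential headers, so the affected sessions and tokens can be invalidated. It assumes the Spring Boot 2.x Actuator `traces` JSON layout; the sample body, host name, and the `x-access-token` header name are constructed for illustration.

```python
import json

# Header names treated as credentials. "x-access-token" is an assumed
# token header name for this illustration; adjust to your deployment.
SENSITIVE_HEADERS = {"cookie", "authorization", "x-access-token"}

# Constructed sample in the Spring Boot 2.x httptrace response layout.
SAMPLE_BODY = json.dumps({
    "traces": [
        {"timestamp": "2021-07-01T08:00:00Z",
         "request": {"method": "GET",
                     "uri": "http://app.example/jeecg-boot/sys/user/list",
                     "remoteAddress": "203.0.113.7",
                     "headers": {"Cookie": ["JSESSIONID=CONSTRUCTED-SESSION"],
                                 "X-Access-Token": ["CONSTRUCTED-TOKEN"],
                                 "User-Agent": ["Mozilla/5.0"]}},
         "response": {"status": 200, "headers": {}}},
        {"timestamp": "2021-07-01T08:00:05Z",
         "request": {"method": "GET",
                     "uri": "http://app.example/jeecg-boot/static/logo.png",
                     "remoteAddress": None,
                     "headers": {"User-Agent": ["Mozilla/5.0"]}},
         "response": {"status": 200, "headers": {}}},
    ]
})


def exposed_credentials(body):
    """Return one record per trace that carries a credential header."""
    findings = []
    for trace in json.loads(body).get("traces", []):
        request = trace.get("request") or {}
        headers = request.get("headers") or {}
        # Header names are case-insensitive; values arrive as lists.
        leaked = sorted(name.lower() for name, values in headers.items()
                        if name.lower() in SENSITIVE_HEADERS and values)
        if leaked:
            # Report header names only, never the secret values themselves.
            findings.append({"timestamp": trace.get("timestamp"),
                             "uri": request.get("uri"),
                             "client": request.get("remoteAddress"),
                             "leaked_headers": leaked})
    return findings


if __name__ == "__main__":
    for finding in exposed_credentials(SAMPLE_BODY):
        print(finding)
```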