We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
检测到 yangzongzhuan/RuoYi-fast 一共引入了122个开源组件,存在1个漏洞
漏洞标题:kaptcha 安全漏洞 缺陷组件:com.github.penggle:kaptcha@2.3.2 漏洞编号:CVE-2018-18531 漏洞描述:kaptcha是一款基于SimpleCaptcha的验证码生成工具。 kaptcha 2.3.2版本中的多个文件存在安全漏洞,该漏洞源于程序使用‘Random’函数(而不是‘SecureRandom’函数)创建CAPTCHA值。远程攻击者可借助暴力破解的方法利用该漏洞绕过访问限制。(多个文件包括:text/impl/DefaultTextCreator.java、text/impl/ChineseTextProducer.java和text/impl/FiveLetterFirstNameTextCreator.java) 国家漏洞库信息:https://www.cnvd.org.cn/flaw/show/CNVD-2018-21509 影响范围:[0, ∞) 最小修复版本: 缺陷组件引入路径:com.ruoyi:ruoyi@4.7.3->com.github.penggle:kaptcha@2.3.2
另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=i880ba
The text was updated successfully, but these errors were encountered:
这个漏洞没有什么影响,谷歌验证码貌似是没有维护了,有需要可以自己先更换一下。 更换成 EasyCaptcha https://www.toutiao.com/i7064453150127686156 更换成 aj-captcha http://doc.ruoyi.vip/ruoyi/document/cjjc.html#集成aj-captcha实现滑块验证码
Sorry, something went wrong.
No branches or pull requests
检测到 yangzongzhuan/RuoYi-fast 一共引入了122个开源组件,存在1个漏洞
另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=i880ba
The text was updated successfully, but these errors were encountered: