com.baidu.mapp:brcc-core@1.1.0 vulnerabilities

  • latest version

    1.1.0

  • first published

    3 years ago

  • latest version published

    3 years ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the com.baidu.mapp:brcc-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    Access Control Bypass

    Affected versions of this package are vulnerable to Access Control Bypass through the use of request.getRequestURI() validation in com.baidu.brcc.config.UserAuthFilter.doFilter(). An attacker can gain unauthorized admin rights by sending requests to /admin/** URIs on misconfigured servers.

    Note: This vulnerability is only applicable if the application developer configures the servlet contextPath as a prefix included in the noAuths list.

    How to fix Access Control Bypass?

    There is no fixed version for com.baidu.mapp:brcc-core.

    Vulnerable version: [0,)