CVE-2024-57435
- EPSS 0.18%
- Published 31.01.2025 22:15:13
- Last modified 22.04.2025 15:27:10
In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attac...
CVE-2024-57433
- EPSS 0.16%
- Published 31.01.2025 22:15:12
- Last modified 22.04.2025 15:32:09
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.
CVE-2024-57434
- EPSS 0.18%
- Published 31.01.2025 22:15:12
- Last modified 22.04.2025 15:29:06
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator.
CVE-2024-57432
- EPSS 0.13%
- Published 31.01.2025 17:15:15
- Last modified 02.09.2025 21:26:04
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it possible ...