GithubHelp home page GithubHelp logo

yangzongzhuan / ruoyi-vue-fast Goto Github PK

View Code? Open in Web Editor NEW
858.0 858.0 528.0 1.26 MB

:tada: (RuoYi)官方仓库 基于SpringBoot,Spring Security,JWT,Vue & Element 的前后端分离权限管理系统

Home Page: http://ruoyi.vip

License: MIT License

Batchfile 0.23% Shell 0.18% Java 99.59%
admin axios druid element element-ui java jwt mybatis quartz quill spring springboot springsecurity swagger2 vue vue-admin vue-cli vue-element vue-element-admin vuex

ruoyi-vue-fast's People

Contributors

yangzongzhuan avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

geekalin waterif uniqukin xuzhou530 sj1406576460 andy1199 wdcodecn melodyjerry zhaoxxnbsp mezongzi keepcccccc backapps lukehuang newbeeboy chenyuguxing kugener xiaogong110110 superhuanghui usedvscode0 caixiaomao johnyhi github-esme yangchun769 lvayne yuxink java9264 weijiguang ccp1688 wdsheng0i justzhu cloudgoon adteven upaths linruot gsool yanglei50 flownclouds miles9616 mrlhy wangjun1998a atkins126 xiaoyuge5201 tindermei wangzhitao81 leonhom arlentodd zdragon17 gaofei714 fmetat zacobin rich-bot xcz1899 zhuomingliang lm0xfffe fengjinlia huchengyi van496 zzs-0826 zilongzixue he343052143 zhugeheng momo-yangcong gongjingwen0815 canye21 524748907 netchick gitlyb2080 wwwk esionma igit-cn raofei zuoxiatian chaowei126 rxh1999 singray javalixin forworldlee gyjsuccess sun-beijixing jaychuo bamboo-qiqing swingblb zslsh44 dingsd mrhyouka wenzhi404 killua20 yknn hxx006 siiia yunwenlong panzk412 lqql8790229 yangyanlin oneteam1912 guoxianlong xingzhe-xm destroyyourbathtub xian-code yanghuabang

ruoyi-vue-fast's Issues

oracle版本

有没有oracle版本的,如果我自己把数据库转为oracle的除orm相关代码外还有需要改的地方吗?

前端的UI资源在哪里

前端的UI资源在哪里。。文中给的连接,部署后,不好用,从验证码就开始不好用。。。

同学,您这个项目引入了123个开源组件,存在1个漏洞,辛苦升级一下

检测到 yangzongzhuan/RuoYi-Vue-fast 一共引入了123个开源组件,存在1个漏洞

漏洞标题:kaptcha 安全漏洞
缺陷组件:com.github.penggle:[email protected]
漏洞编号:CVE-2018-18531
漏洞描述:kaptcha是一款基于SimpleCaptcha的验证码生成工具。
kaptcha 2.3.2版本中的多个文件存在安全漏洞,该漏洞源于程序使用‘Random’函数(而不是‘SecureRandom’函数)创建CAPTCHA值。远程攻击者可借助暴力破解的方法利用该漏洞绕过访问限制。(多个文件包括:text/impl/DefaultTextCreator.java、text/impl/ChineseTextProducer.java和text/impl/FiveLetterFirstNameTextCreator.java)
国家漏洞库信息:https://www.cnvd.org.cn/flaw/show/CNVD-2018-21509
影响范围:[0, ∞)
最小修复版本:
缺陷组件引入路径:com.ruoyi:[email protected]>com.github.penggle:[email protected]

另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=ib53eb

严重权限漏洞

如果管理员修改了角色权限,然后该角色的用户仍在线的话,仍然有权限。
if (roleService.updateRole(role) > 0) { // 更新缓存用户权限 LoginUser loginUser = getLoginUser(); if (StringUtils.isNotNull(loginUser.getUser()) && !loginUser.getUser().isAdmin()) { loginUser.setPermissions(permissionService.getMenuPermission(loginUser.getUser())); loginUser.setUser(userService.selectUserByUserName(loginUser.getUser().getUserName())); tokenService.setLoginUser(loginUser); } return AjaxResult.success(); }
这段代码可以看到,如果该用户不是管理员,则更新缓存。
问题是没有更新其他用户,只要该用户仍在线,就仍然拥有权限。
(大改若依时,测试权限模块发现)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.