zongxr / supermarket
A well-designed online shopping mall system covering the front end, back end, database, load balancing, database caching, database and table sharding, read/write splitting, full-text search, message queues and more. Built on the SpringCloud framework and developed in Java. The project can be deployed to a server and is continuously being improved……
License: GNU Affero General Public License v3.0
Recently, our team found an arbitrary cart update vulnerability in the latest version of the project.
The vulnerability logic is present in the file: https://github.com/GoogleLLP/SuperMarket/blob/master/cart/src/main/java/com/supermarket/cart/controller/CartController.java#L73. Access to the /manage/update API is unauthorized, allowing attackers to update the information of an arbitrary cart via a crafted cart object.
To address this vulnerability, we recommend that developers implement access control policies to limit API access to privileged users and cart owners only.
Recently, our team found an arbitrary order addition vulnerability in the latest version of the project.
The vulnerability logic is present in the file: https://github.com/GoogleLLP/SuperMarket/blob/master/order/src/main/java/com/supermarket/order/controller/OrderController.java#L36. Access to the /manage/save API is unauthorized, allowing attackers to add orders as any user via a crafted order object.
To address this vulnerability, we strongly recommend that developers implement access control policies to limit the order addition operation.
Does this project fail to start if elasticsearch is not deployed?
Starting eureka now reports an error:
Recently, our team found an arbitrary cart deletion vulnerability in the latest version of the project.
The vulnerability logic is present in the file: https://github.com/GoogleLLP/SuperMarket/blob/master/cart/src/main/java/com/supermarket/cart/controller/CartController.java#L96. Access to the /manage/delete API is unauthorized, allowing attackers to delete an arbitrary cart via a crafted cart object.
To address this vulnerability, we recommend that developers implement access control policies to limit API access to privileged users and cart owners only.
Recently, our team found an arbitrary cart details access vulnerability in the latest version of the project.
The vulnerability logic is present in the file: https://github.com/GoogleLLP/SuperMarket/blob/master/cart/src/main/java/com/supermarket/cart/controller/CartController.java#L35. Access to the /manage/query?userId= API is unauthorized, allowing attackers to manipulate the userId request parameter and access other users' cart details, potentially compromising user privacy data.
To address this vulnerability, we strongly recommend that developers implement access control policies to ensure that only privileged users or cart owners can access the information.
With an architecture diagram, everyone could quickly understand the architecture of the whole project.
In start_app.sh the image name used by run does not match the image name used by pull, so the script errors when run.
This project is built with JDK 11~
Recently, our team found an arbitrary order deletion vulnerability in the latest version of the project.
The vulnerability logic is present in the file: https://github.com/GoogleLLP/SuperMarket/blob/master/order/src/main/java/com/supermarket/order/controller/OrderController.java#L74. Unauthorized access to the /manage/delete/{orderId} API enables attackers to manipulate the path variable orderId and delete orders belonging to other users.
To address this vulnerability, we strongly recommend that developers implement access control policies to ensure that only privileged users or the order owner are authorized to perform the delete operation.
A lot of documentation is missing, and there is no API documentation.
Recently, our team found an arbitrary order detail access vulnerability in the latest version of the project.
The vulnerability logic is present in the file: https://github.com/GoogleLLP/SuperMarket/blob/master/order/src/main/java/com/supermarket/order/controller/OrderController.java#L59. Access to the /manage/query/{userId} API is unauthorized, allowing attackers to manipulate the path variable userId and access other users' order details, potentially compromising user privacy data.
To address this vulnerability, we strongly recommend that developers implement access control policies to ensure that only privileged users or the owner can access the order information.
Recently, our team found an arbitrary cart addition vulnerability in the latest version of the project.
The vulnerability logic is present in the file: https://github.com/GoogleLLP/SuperMarket/blob/master/cart/src/main/java/com/supermarket/cart/controller/CartController.java#L50. Access to the /manage/save API is unauthorized, allowing attackers to add carts for any user via a crafted cart object.
To address this vulnerability, we recommend that developers implement access control policies to ensure that users can only add items to their own cart.
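The reports above (cart and order query, save, update and delete) all describe the same defect: the controller trusts a userId or record id supplied by the client instead of deriving the owner from the authenticated session. The following is an added example, not code from the SuperMarket project, showing the three ownership checks those fixes need in one plain-Java class: a path variable or request parameter userId compared against the caller, a crafted request body whose userId is ignored in favour of the caller's identity, and a delete (or update) by id that loads the row and compares its stored owner before acting. All class, field and method names (Order, OrderRepository, OrderService, Principal) are assumptions for illustration; in the real Spring application the Principal would come from Spring Security's SecurityContextHolder rather than a method argument.

```java
// Added example for this page; NOT code from the SuperMarket project.
// Names (Order, userId, OrderService, Principal) are assumptions chosen to
// mirror the endpoints named in the vulnerability reports.
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class OwnershipCheckExample {

    /** Raised when the authenticated caller may not act on the requested record. */
    static class ForbiddenException extends RuntimeException {
        ForbiddenException(String message) { super(message); }
    }

    /** Minimal order record; the stored owner is the only authoritative source of ownership. */
    static class Order {
        final long orderId;
        final long userId;
        Order(long orderId, long userId) { this.orderId = orderId; this.userId = userId; }
    }

    /** In-memory stand-in for the order repository (constructed sample data lives here). */
    static class OrderRepository {
        private final Map<Long, Order> rows = new HashMap<>();
        void save(Order order) { rows.put(order.orderId, order); }
        Optional<Order> findById(long orderId) { return Optional.ofNullable(rows.get(orderId)); }
        void deleteById(long orderId) { rows.remove(orderId); }
        List<Order> findByUserId(long userId) {
            List<Order> out = new ArrayList<>();
            for (Order o : rows.values()) if (o.userId == userId) out.add(o);
            return out;
        }
    }

    /**
     * The authenticated identity. In a Spring Security application this is derived from
     * SecurityContextHolder.getContext().getAuthentication(), never from a request
     * parameter, path variable or JSON body.
     */
    static class Principal {
        final long userId;
        final boolean admin;
        Principal(long userId, boolean admin) { this.userId = userId; this.admin = admin; }
    }

    static class OrderService {
        private final OrderRepository repo;
        private long nextId = 1;
        OrderService(OrderRepository repo) { this.repo = repo; }

        /** /manage/query/{userId} or ?userId=: the requested id must match the caller unless the caller is an admin. */
        List<Order> query(Principal caller, long requestedUserId) {
            if (!caller.admin && requestedUserId != caller.userId) {
                throw new ForbiddenException("cannot read orders of user " + requestedUserId);
            }
            return repo.findByUserId(requestedUserId);
        }

        /** /manage/save: whatever userId the crafted body carries, the order is attributed to the caller. */
        Order save(Principal caller, long userIdFromBody) {
            // userIdFromBody is deliberately unused: the client does not get to choose the owner.
            Order order = new Order(nextId++, caller.userId);
            repo.save(order);
            return order;
        }

        /** /manage/delete/{orderId} (update works the same way): load the row, then compare its owner with the caller. */
        void delete(Principal caller, long orderId) {
            // A missing row gets the same error as a foreign row, so the endpoint cannot be used to enumerate ids.
            Order order = repo.findById(orderId)
                    .orElseThrow(() -> new ForbiddenException("order " + orderId + " not accessible"));
            if (!caller.admin && order.userId != caller.userId) {
                throw new ForbiddenException("order " + orderId + " not accessible");
            }
            repo.deleteById(orderId);
        }
    }

    public static void main(String[] args) {
        OrderRepository repo = new OrderRepository();
        OrderService service = new OrderService(repo);
        Principal alice = new Principal(7, false);   // constructed sample users
        Principal bob = new Principal(9, false);

        long bobsOrder = service.save(bob, bob.userId).orderId;   // bob creates his own order
        Order forged = service.save(alice, bob.userId);           // alice puts bob's id in the body...
        System.out.println("forged order stored with owner " + forged.userId); // ...but it is stored as alice's

        try { service.query(alice, bob.userId); }
        catch (ForbiddenException e) { System.out.println("query blocked: " + e.getMessage()); }
        try { service.delete(alice, bobsOrder); }
        catch (ForbiddenException e) { System.out.println("delete blocked: " + e.getMessage()); }

        service.delete(bob, bobsOrder);                           // the owner may delete
        System.out.println("bob's remaining orders: " + repo.findByUserId(bob.userId).size());
    }
}
```

The design point is that every branch takes its notion of "who is calling" from the Principal object and never from the request. For the update and delete endpoints the record has to be fetched first, because the id in the URL or body carries no ownership information on its own; returning the same error for "not yours" and "does not exist" keeps the endpoint from doubling as an id oracle.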