JustEnoughItems 安全漏洞

JustEnoughItems JEI is a project and recipe viewing module for Minecraft by James Mitchell, an individual developer. A security vulnerability exists in JustEnoughItems version 19.5.0.33 and prior versions, which stems from an inability to validate Minecraft's slot index in JEI, which can lead to...

Cross-Site Request Forgery (CSRF) in collectiveaccess/providence

Description I have found more endpoints which allow edit/duplicate were not protected from CSRF, the following endpoints are: 1: Edit Global Value in Pawtucket. 2: Change object type. 3: Duplicate object. 4: Duplicate items in the set and add to another set. Proof of Concept Via GET requests: 1...