CVE-2022-29633
Linglong v1.0 has an access-control bypass where a crafted cookie grants access to the application's background. Veracode attributes the root cause to a hard-coded JWT in jwt.go, enabling cookie forging. Exploitation is feasible over the network via crafted cookies, granting unauthorized access t...