Mall-tiny Security Vulnerabilities and Issues — Mall-tiny CVE List

Lucene search

MacrozhengMall-tiny

4 matches found

CVE•added 2025/01/31 5:15 p.m.•615 views

CVE-2024-57432

macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are hardcoded and do not change. User information is explicitly written into the JWT and used for subsequent privilege management, making it is possible to forge the JWT of any user to achieve authentic...

7.5CVSS6.6AI score0.00095EPSS

CVE•added 2025/01/31 10:15 p.m.•64 views

CVE-2024-57433

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.

7.5CVSS6.3AI score0.00086EPSS

CVE•added 2025/01/31 10:15 p.m.•44 views

CVE-2024-57434

macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator.

8.8CVSS6.5AI score0.00098EPSS

CVE•added 2025/01/31 10:15 p.m.•41 views

CVE-2024-57435

In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.

6.5CVSS6.5AI score0.00118EPSS