张淇伊

Name of the Vulnerable Software and Affected Versions: JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 Description: JeeWMS contains an incorrect authentication bypass vulnerability, which can lead to arbitrary file reading. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: old-peanut Open-Shop versions through 1.0.0 Description: A Cross Site Request Forgery (CSRF) issue exists in old-peanut Open-Shop, allowing attackers to obtain sensitive information via a crafted HTTP Post message. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** Dromara Northstar versions through 7.3.5 **Description:** A critical issue exists in Dromara Northstar related to improper access controls. The `preHandle` function within the Path Handler component, specifically in the file `northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java`, is susceptible to manipulation via the `Request` argument. This allows for unauthorized access and can be exploited remotely. **Recommendations:** Upgrade to version 7.3.6 to address this issue.