
Old6Ma

#18523 of 53,633
14.6 Total CVSS
Vulnerabilities · 2
High: 2
PT-2025-52687
7.5
2025-12-22
Unknown · Youlai-Boot · CVE-2025-66735
**Name of the Vulnerable Software and Affected Versions**
youlai-boot version 2.21.1

**Description**
The software contains an incorrect access control issue. The `getRoleForm` function in `SysRoleController.java` lacks proper permission checks. This may allow users without root privileges to access root roles directly.

**Recommendations**
Apply necessary permission checks to the `getRoleForm` function in `SysRoleController.java` to prevent unauthorized access to root roles.

PT-2025-52688
7.1
2025-12-22
Unknown · Youlai-Boot · CVE-2025-66736
**Name of the Vulnerable Software and Affected Versions**
youlai-boot version 2.21.1

**Description**
The software contains an authorization bypass due to incorrect access control. The `importUsers` function within the `SysUserController.java` component does not verify the permissions of the current user. This allows standard users to import user data into the database, circumventing intended authorization restrictions. The vulnerable function is `importUsers`.

**Recommendations**
Ensure the `importUsers` function in `SysUserController.java` includes appropriate permission checks to verify the user's identity and authorization before allowing data import operations.