Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

编辑器提示存在漏洞 #3004

Open
1532332928 opened this issue Apr 18, 2024 · 1 comment
Open

编辑器提示存在漏洞 #3004

1532332928 opened this issue Apr 18, 2024 · 1 comment
Labels
bug

Comments

@1532332928
Copy link

所属功能组件

其它

ThinkPHP 版本

8.0.3

操作系统

Windows

错误信息

image

其它说明

在依赖中,PhpStorm提示该库存在2个漏洞
第一个:CVE-2022-33107
9.8
Deserialization of Untrusted Data vulnerability with High severity foun
第二个:CVE-2022-25481
7.5
Exposure of Resource to Wrong Sphere vulnerability with High severity found
@1532332928 1532332928 added the bug label Apr 18, 2024
@big-dream
Copy link
Contributor

Issues 编码 备注
#2717 CVE-2022-33107
CVE-2022-25481 显示的是调试状态下的异常信息页面,关闭调试模式后不会显示相关系统信息。个人认为这不算是漏洞,因为线上环境应该关闭调试模式。而且调试模式下异常页面不显示相关信息也不方便开发者排查问题。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@big-dream @1532332928