The vulnerability manifests in the user creation endpoint, as demonstrated by the PoC HTTP request to `/user/save`. The corresponding controller method performs no access control checks, which allows unauthorized user creation. The exact code isn't available, but the endpoint mapping convention in Java web applications and the vulnerability description strongly indicate that the `save` method of `UserController` is the vulnerable component: it handles user creation requests without proper authorization.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tech.powerjob:powerjob | maven | <= 4.3.1 | |
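
For triage on an affected deployment, the following added example (not code from PowerJob or from the advisory) scans proxy access logs for successful requests to `/user/save` that came from outside the networks administrators use. The nginx "combined" log format, the `ADMIN_NETS` range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: a reverse proxy in front of the server logs in nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: networks from which administrators legitimately create users.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WATCHED_PATH = "/user/save"  # endpoint named in the advisory text

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.15 - - [12/Mar/2024:09:14:02 +0000] "POST /user/save HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [12/Mar/2024:09:20:41 +0000] "POST /user/save HTTP/1.1" 200 58 "-" "curl/8.4.0"',
    '203.0.113.77 - - [12/Mar/2024:09:20:45 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '198.51.100.9 - - [12/Mar/2024:09:31:10 +0000] "POST /user/save?x=1 HTTP/1.1" 403 0 "-" "-"',
]


def suspicious_user_creations(lines, admin_nets=ADMIN_NETS):
    """Return (timestamp, ip, method, status) for 2xx requests to /user/save
    whose source address is outside every admin network."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Compare the path only: drop query string, ;parameters and trailing slash.
        path = m["target"].split("?", 1)[0].split(";", 1)[0].rstrip("/")
        if not path.endswith(WATCHED_PATH):  # endswith tolerates a context prefix
            continue
        if not m["status"].startswith("2"):
            continue  # request was rejected, so no account was created
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # first field is a hostname or malformed
        if any(src in net for net in admin_nets):
            continue
        hits.append((m["ts"], m["ip"], m["method"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for hit in suspicious_user_creations(SAMPLE_LOG):
        print(hit)
```

Each hit should be matched against the accounts present on the server; accounts created at those timestamps that no administrator can account for need review.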