From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability ID: CVE-2024-50654 2. Target: https://github.com/lilishop/lilishop 3. Affected Versions: <=4.2.4 4. Description: Attackers can exploit this vulnerability by capturing coupon redemption request packets and launching high-concurrency attacks to bypass the restriction of only being able to claim a coupon once, thereby enabling multiple coupon redemptions. 5. Detailed Information: - Request URL: - Request Method: GET - Request Headers: - Host: - Connection: keep-alive - sec-ch-ua: "Chromium";v="124", "Microsoft Edge";v="124", "Not-A.Brand";v="99" - Accept: application/json, text/plain, / - accessToken: - sec-ch-ua-mobile: ?0 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6051.102 Safari/537.36 - sec-ch-ua-platform: "Windows" - Origin: - Sec-Fetch-Site: same-site - Sec-Fetch-Mode: cors - Sec-Fetch-Dest: empty - Referer: - Accept-Encoding: gzip, deflate, br, zstd - Accept-Language: zh-CN, zh;q=0.9, en;q=0.8, en-GB;q=0.7, en-US;q=0.6 - Request Body: - - Request Results: - Requests 1–18 returned 200 status code, with response times ranging from 86 to 925 milliseconds. - Request 19 returned 200 status code, with response time significantly increased to 607 milliseconds. - Requests 30 and 35 returned 200 status code, with response times of 818 and 925 milliseconds, respectively. This information indicates that the vulnerability allows attackers to bypass the coupon redemption limit by launching high-concurrency requests, thereby enabling multiple coupon redemptions.