Critical Vulnerability Information Vulnerability Description Component: SysModelController Project: ruoyi-ai Issue: Unauthorized Access Vulnerability Impact: Attackers can add, delete, modify, and query large model configurations in the system without any authentication credentials. Vulnerability Analysis Relevant Code Location: Critical Code: - Add model: - Delete model: - Query model list: Vulnerability Verification Example Request: Response Result: Successful data return, indicating that the interface can be called and data can be tampered with without authorization. Security Recommendations Mitigation: Implement access control for the relevant API endpoints. ``` This summary outlines the key aspects of the vulnerability, including the affected component, specific issue, relevant code snippets, and how to verify the vulnerability. It also provides security recommendations to prevent such issues.