关键漏洞信息 标题: warehouse latest (git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls 描述: - Import and outport endpoints do not enforce permissions. - Attackers can forge inventory movements, adjust quantities, or delete records, leading to stock inaccuracies, financial discrepancies, and possible abuse of procurement/return workflows. - This can lead to inaccurate stock levels, financial discrepancies, and abuse of procurement/return workflows. 来源: https://github.com/yeqifu/warehouse/issues/62 提交者: AliceS614 (UID 94277) 提交时间: 2026-02-09 05:55 AM 审核时间: 2026-02-20 10:01 AM (11 days later) 状态: Accepted VulDB条目: 347087 (yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Import Endpoint ImportController.java addImport/updateImport/deleteImport access control) 积分: 18