Affecting com.alibaba.nacos:nacos-common artifact, versions [,1.4.1)Report new vulnerabilities
com.alibaba.nacos:nacos-common is a service discovery, configuration and service management platform for building cloud native applications.
Affected versions of this package are vulnerable to Authentication Bypass. The
ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the
/data/remove endpoint is properly protected with the
@Secured annotation, the
/derby endpoint is not protected and can be openly accessed by unauthenticated users.
com.alibaba.nacos:nacos-common to version 1.4.1 or higher.