摘要: Dragonboat Log Replication 代码走读 Dragonboat 是一个开源的高性能Go实现的Raft共识协议实现. 具有良好的性能和久经社区检验的鲁棒性, 机遇巧合, 接触到. 因此决定结合Raft博士论文走读其源码. 今天带来Raft中三大核心之一的日志复制Log Repli 阅读全文
posted @ 2022-10-11 17:58 Aibot 阅读(488) 评论(0) 推荐(1)
摘要: Pebble 性能参数调优 Pebble vs Rocksdb参数调优表 | 序号 | Pebble参数 | Pebble配置建议 | Rocksdb参数 | Rocksdb配置建议 | 其他 | | | | | | | | | LevelOptions | | | | | | | 1 | BlockRestartInterv 阅读全文
posted @ 2022-09-16 16:42 Aibot 阅读(849) 评论(0) 推荐(0)
摘要: MicroCommunity has a missing authorization vulnerability: Confirmed Vulnerability. A user with access to this action can bind a high-privilege role to themselves or another staff account, causing privilege escalation across the backend permission system 阅读全文
posted @ 2026-06-18 12:40 Aibot 阅读(6) 评论(0) 推荐(0)
摘要: MCMS has a missing authorization vulnerability: `/ms/cms/category/copyCategory`. unauthorized access to authorization-sensitive state 阅读全文
posted @ 2026-06-18 12:40 Aibot 阅读(2) 评论(0) 推荐(0)
摘要: MCMS has a missing authorization vulnerability: Public category get bypasses public visibility filters. Public users can retrieve hidden or non-CMS category metadata that the public category list intentionally filters out 阅读全文
posted @ 2026-06-18 12:40 Aibot 阅读(3) 评论(0) 推荐(0)
摘要: MCMS has a missing authorization vulnerability: Content copy uses `cms:content:save` to read and clone source content. A save-only user can read and duplicate source article data they are not authorized to view 阅读全文
posted @ 2026-06-18 12:39 Aibot 阅读(4) 评论(0) 推荐(0)
摘要: MCMS has a missing authorization vulnerability: `getFromFengMian` bypasses `cms:content:view`. Unauthorized users can read article fields including category relation, display status, type, details, out-link, and hit count 阅读全文
posted @ 2026-06-18 12:39 Aibot 阅读(2) 评论(0) 推荐(0)
摘要: MCMS has a missing authorization vulnerability: Generate module category list bypasses category/generate read permission. Unauthorized backend users can retrieve complete category metadata through the static-generation helper endpoint 阅读全文
posted @ 2026-06-18 12:39 Aibot 阅读(2) 评论(0) 推荐(0)
摘要: MCMS has a missing authorization vulnerability: Backend category list bypasses `cms:category:view`. Unauthorized backend users can read category hierarchy and metadata, including parent links, display/search flags, model bindings, category flags, and business child markers 阅读全文
posted @ 2026-06-18 12:39 Aibot 阅读(2) 评论(0) 推荐(0)
摘要: JSH_ERP has a missing authorization vulnerability in `POST /user/registerUser`. An attacker can self-register a tenant with excessive user quota or an arbitrary future expiration time, bypassing service-side trial and quota controls 阅读全文
posted @ 2026-06-18 12:39 Aibot 阅读(3) 评论(0) 推荐(0)
摘要: JSH_ERP has a missing authorization vulnerability in `GET /role/findUserRole`, `GET /depot/findUserDepot`, `GET /supplier/getUserCustomerValue`, `GET /user/getUserWithChecked`. The endpoints reveal authorization relationships such as which role a user has, which warehouses a user can access, which customers are assigned, or which users are linked to a relationship value 阅读全文
posted @ 2026-06-18 12:39 Aibot 阅读(3) 评论(0) 推荐(0)
摘要: JSH_ERP has a missing authorization vulnerability in `POST /function/findMenuByPNumber`. The endpoint discloses another user's effective menu permissions and role-derived function access. This is authorization-state leakage 阅读全文
posted @ 2026-06-18 12:39 Aibot 阅读(2) 评论(0) 推荐(0)