Description
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
Remediation
References
https://github.com/alibaba/nacos/issues/2284
Related Vulnerabilities
CVE-2021-4329 Vulnerability in npm package json-logic-js
CVE-2023-33695 Vulnerability in maven package cn.hutool:hutool-core
CVE-2022-25875 Vulnerability in npm package svelte
CVE-2020-7238 Vulnerability in maven package io.netty:netty-codec-http
CVE-2019-10742 Vulnerability in maven package org.webjars.npm:axios