漏洞
By default, anonymous users can upload files to the "/server/rest/services/Hosted/<FeatureService>/FeatureServer/uploads/upload" API when the feature service is shared publicly.
| 漏洞 ID 编号 | BUG-000175606 |
|---|---|
| 已提交 | April 4, 2025 |
| 上次修改时间 | July 21, 2025 |
| 适用范围 | ArcGIS GIS Server |
| 找到的版本 | 11.4 |
| 操作系统 | Windows Server |
| 操作系统版本 | 2022 |
| 状态 | In Review |
解决办法
In order to disable anonymous users from uploading files to a publicly shared feature service, the capability must be removed in the "/server/admin/services/Hosted/<Feature Service Name>.FeatureServer/edit" JSON.
By Default these are the allowed capabilities: ""capabilities": "Query,Create,Update,Delete,Editing,Uploads","
重现步骤
漏洞 ID: BUG-000175606
软件:
- ArcGIS GIS Server
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序