This site uses cookies to provide you with the best user experience. By visiting, you accept
our use of cookies.
Incident Response
We attach great importance to security issues and welcome all security researchers to report potential security vulnerabilities to us toimprove the security of our products and services.
Security Notice - Application Monitor Actuator Exposure Vnlnerability
Internal ID
Publish Date
Last Update
Detailed Description

HANCHUESS has always prioritised the experience of our users and we had to temporarily suspend the operation of the digital platform microservices involved for a day and there was an issue with users being unable to access them, we apologise for the inconvenience this caused our users.

Since then, our team took immediate action to resolve the issue, which has now been fixed. After investigating the issue, we found that the problem was due to the use of a functional module provided by the Spring Boot Actuator for introspection and monitoring of the application, to view certain monitoring metrics, statistics, etc. of the application. Using it to monitor the application and its interactions, due to its very large number of built-in Endpoint (health, info, beans, metrics, httptrace, shutdown, etc.), it exposes sensitive server information by way of Http exposure, which can be subject to hacking attacks. This problem would not have occurred if we had used a policy to turn off its Http exposure method and set a policy to disable access.

Currently, HANCHUESS has been fixed and internally tested to ensure that this issue does not occur again. As of August 12, 2022, all digital platform related services have been restored. Once again, we apologise for the impact this issue has had on our users.



2022-08-12,Update progresse Version


HANCHUESS welcomes security experts and research teams to join our Vulnerability Disclosure Program (VDP). HANCHUESS is commited to taking the responsibility to the security of our users around the world can enjoy a secure and reliable intelligent life.

For the security vulnerabilities disclosed in this page, HANCHUESS does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose or non-infringement. You understand the vulnerabilities disclosure information is just to provide reference for you to assess security risk and make appropriate decision. Your use of the document, by whatsoever means, will be totally at your own risk. In no event shall HANCHUESS or be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.