Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02dzJmLTZ3cTMtcmp2Zs4AAtYp
RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
Permalink: https://github.com/advisories/GHSA-6w2f-6wq3-rjvfJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02dzJmLTZ3cTMtcmp2Zs4AAtYp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-6w2f-6wq3-rjvf, CVE-2022-32065
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-32065
- https://github.com/yangzongzhuan/RuoYi/issues/118
- https://github.com/yangzongzhuan/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
- https://gitee.com/y_project/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
- https://gitee.com/y_project/RuoYi/issues/I57IME
- https://github.com/advisories/GHSA-6w2f-6wq3-rjvf
Blast Radius: 1.0
Affected Packages
maven:com.ruoyi:ruoyi
Affected Version Ranges: < 4.7.4Fixed in: 4.7.4