GSA_kwCzR0hTQS02dzJmLTZ3cTMtcmp2Zs4AAtYp

Moderate EPSS: 0.00424% (0.61371 Percentile) EPSS:

Permalink JSON

RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module

Affected Packages	Affected Versions	Fixed Versions
maven:com.ruoyi:ruoyi	< 4.7.4	4.7.4

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-32065
https://github.com/yangzongzhuan/RuoYi/issues/118
https://github.com/yangzongzhuan/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
https://gitee.com/y_project/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
https://gitee.com/y_project/RuoYi/issues/I57IME
https://github.com/advisories/GHSA-6w2f-6wq3-rjvf

Identifiers

GHSA-6w2f-6wq3-rjvf

CVE-2022-32065

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00424

EPSS Percentile: 0.61371

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yangzongzhuan/RuoYi

Date and time

Published

about 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories