GSA_kwCzR0hTQS1xcTVoLXJqajktcTlxZ84ABD6-

Moderate EPSS: 0.00235% (0.46513 Percentile) EPSS:

Permalink JSON

RuoYi vulnerable to Denial of Service by attackers with admin privileges

Affected Packages	Affected Versions	Fixed Versions
maven:com.ruoyi:ruoyi	<= 4.8.0	No known fixed version

An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-57439
https://gitee.com/y_project/RuoYi
https://github.com/peccc/restful_vul/blob/main/ruoyi_dos/ruoyi_dos.md
https://github.com/yangzongzhuan/RuoYi
https://ruoyi.vip
https://github.com/advisories/GHSA-qq5h-rjj9-q9qg

Identifiers

GHSA-qq5h-rjj9-q9qg

CVE-2024-57439

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00235

EPSS Percentile: 0.46513

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/peccc/restful_vul

Date and time

Published

7 months ago

Updated

7 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories