CVE-2022-32065 com.ruoyi:ruoyi

Package

Manager: maven
Name: com.ruoyi:ruoyi
Vulnerable Version: >=0 <4.7.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00424 (percentile 0.61351)

Details

RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.

Metadata

Created: 2022-07-14T00:00:16Z
Modified: 2022-07-29T17:55:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-6w2f-6wq3-rjvf/GHSA-6w2f-6wq3-rjvf.json
CWE IDs: ["CWE-434", "CWE-79"]
Alternative ID: GHSA-6w2f-6wq3-rjvf
Finding: F027
Auto approve: 1