CPE Details
gin-vue-admin Project gin-vue-admin 2.5.4
2.5.4
2022-10-19
11h40 +00:00
11h40 +00:00
2022-10-19
12h59 +00:00
12h59 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:gin-vue-admin_project:gin-vue-admin:2.5.4:*:*:*:*:*:*:*
Informations
Vendor
gin-vue-admin_projectProduct
gin-vue-adminVersion
2.5.4Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. | 7.5 |
High |
||
| Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. | 9.8 |
Critical |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.