Maven package
com.ruoyi/ruoyi
pkg:maven/com.ruoyi/ruoyi
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-57439 | — | <= 4.8.0 | — | Jan 29, 2025 | An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account. | ||
| CVE-2024-57438 | — | <= 4.8.0 | — | Jan 29, 2025 | Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles. | ||
| CVE-2024-57436 | — | <= 4.8.0 | — | Jan 29, 2025 | RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie. | ||
| CVE-2023-49371 | — | <= 4.6 | — | Dec 1, 2023 | RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | ||
| CVE-2023-3815 | — | <= 4.7.7 | — | Jul 21, 2023 | A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack m | ||
| CVE-2023-3163 | — | <= 4.7.7 | — | Jun 8, 2023 | A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability. | ||
| CVE-2023-27025 | — | < 4.7.7 | 4.7.7 | Apr 2, 2023 | An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. | ||
| CVE-2022-32065 | — | < 4.7.4 | 4.7.4 | Jul 13, 2022 | An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. |
- CVE-2024-57439Jan 29, 2025affected <= 4.8.0
An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.
- CVE-2024-57438Jan 29, 2025affected <= 4.8.0
Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
- CVE-2024-57436Jan 29, 2025affected <= 4.8.0
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.
- CVE-2023-49371Dec 1, 2023affected <= 4.6
RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.
- CVE-2023-3815Jul 21, 2023affected <= 4.7.7
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack m
- CVE-2023-3163Jun 8, 2023affected <= 4.7.7
A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.
- CVE-2023-27025Apr 2, 2023affected < 4.7.7fixed 4.7.7
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
- CVE-2022-32065Jul 13, 2022affected < 4.7.4fixed 4.7.4
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.