CVE-2022-39345Path Traversal in Gin-vue-admin

CWE-22Path TraversalCWE-23Relative Path Traversal4 documents4 sources
Severity
7.5HIGHNVD
CNA9.8
EPSS
0.6%
top 29.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Flipped-aurora Gin-vue-adminGithub.com Flipped-aurora Gin-vue-admin ServerGin-vue-admin Project Gin-vue-admin
Timeline
PublishedOct 25

Description

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5flipped-aurora/gin-vue-admin< 2.5.4

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
CVEList
Gin-vue-admin arbitrary file upload vulnerability caused by path traversal2022-10-25
OSV
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability2022-10-25
GHSA
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability2022-10-25
CVE-2022-39345 — Path Traversal in Gin-vue-admin | cvebase