CVE-2022-24844

Опубликовано: 13 апр. 2022

Источник: nvd

CVSS3: 8.1

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login） and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds.

Ссылки

https://github.com/flipped-aurora/gin-vue-admin/pull/1024
Patch
Third Party Advisory
https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-5g92-6hpp-w425
Exploit
Patch
Third Party Advisory
https://github.com/flipped-aurora/gin-vue-admin/pull/1024
Patch
Third Party Advisory
https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-5g92-6hpp-w425
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:gin-vue-admin_project:gin-vue-admin:*:*:*:*:*:*:*:*

Версия до 2.5.1 (исключая)

cpe:2.3:a:postgresql:postgresql:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00438

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

EPSS

Процентиль: 62%

0.00438

Низкий

8.1 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89