Gin-vue-admin arbitrary file upload vulnerability caused by path traversal
CVE-2022-39345

9.8CRITICAL

Key Information:

Vendor: Flipped-aurora
Status: Gin-vue-admin
Vendor: CVE Published:; 25 October 2022

🔔 Create Flipped-aurora Vulnerability Alert

What is CVE-2022-39345?

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin prior to 2.5.4 is vulnerable to path traversal, which leads to file upload vulnerabilities. Version 2.5.4 contains a patch for this issue. There are no workarounds aside from upgrading to a patched version.

Affected Version(s)

gin-vue-admin < 2.5.4

References

https://github.com/flipped-aurora/gin-vue-admin/security/...

https://github.com/flipped-aurora/gin-vue-admin/issues/1263

https://github.com/flipped-aurora/gin-vue-admin/pull/1264

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2022
Vulnerability Reserved
Sep 2, 2022