Path Traversal Vulnerability in gin-vue-admin Affected by Flipped Aurora
CVE-2022-47762

7.5HIGH

Key Information:

Vendor: Gin-vue-admin Project
Status: Gin-vue-admin
Vendor: CVE Published:; 3 February 2023

🔔 Create Gin-vue-admin Project Vulnerability Alert

What is CVE-2022-47762?

The gin-vue-admin framework, used for building Vue.js applications, prior to version 2.5.5, contains a Path Traversal vulnerability in its download module. This flaw allows attackers to manipulate the file path through user input, potentially enabling unauthorized access to sensitive files on the server. It is crucial to upgrade to the latest version or implement proper security measures to mitigate this risk.

References

https://github.com/flipped-aurora/gin-vue-admin/issues/1309

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Dec 21, 2022

CVE-2022-47762 Data

JSON