Vulnerability Description
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gin-Vue-Admin Project | Gin-Vue-Admin | < 2.5.1 |
Related Weaknesses (CWE)
References
- https://github.com/flipped-aurora/gin-vue-admin/issues/1002Issue TrackingThird Party Advisory
- https://github.com/flipped-aurora/gin-vue-admin/pull/1024PatchThird Party Advisory
- https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-32gq-gjPatchThird Party Advisory
- https://github.com/flipped-aurora/gin-vue-admin/issues/1002Issue TrackingThird Party Advisory
- https://github.com/flipped-aurora/gin-vue-admin/pull/1024PatchThird Party Advisory
- https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-32gq-gjPatchThird Party Advisory
FAQ
What is CVE-2022-24843?
CVE-2022-24843 is a vulnerability with a CVSS score of 7.5 (HIGH). Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of par...
How severe is CVE-2022-24843?
CVE-2022-24843 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24843?
Check the references section above for vendor advisories and patch information. Affected products include: Gin-Vue-Admin Project Gin-Vue-Admin.