RSS   Vulnerabilities for 'Gin-vue-admin'   RSS

2022-04-13
 
CVE-2022-24843

CWE-22
 

 
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue.

 
 
CVE-2022-24844

CWE-89
 

 
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login? and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds.

 
2022-02-09
 
CVE-2022-21660

CWE-862
 

 
Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds.

 
2021-11-24
 
CVE-2021-44219

NVD-CWE-noinfo
 

 
Gin-Vue-Admin before 2.4.6 mishandles a SQL database.

 


Copyright 2024, cxsecurity.com

 

Back to Top