com.ruoyi:ruoyi (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.ruoyi:ruoyi, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2023-27025 — CVSS 7.5 (high): An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download…
CVE-2024-57436 — CVSS 7.2 (high): RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can…
CVE-2022-32065 — CVSS 5.4 (medium): An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary…
CVE-2024-57438 — CVSS 5.4 (medium): Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
CVE-2024-57439 — CVSS 4.9 (medium): An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by…
CVE-2023-3163 — CVSS 3.5 (low): A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword…
CVE-2023-3815 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function…