Description
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
Remediation
References
https://github.com/yangzongzhuan/RuoYi/issues/118
https://github.com/yangzongzhuan/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
https://gitee.com/y_project/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
https://gitee.com/y_project/RuoYi/issues/I57IME
Related Vulnerabilities
CVE-2011-2481 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2020-7774 Vulnerability in npm package y18n
CVE-2017-16084 Vulnerability in npm package list-n-stream
CVE-2023-34468 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service
CVE-2018-19839 Vulnerability in maven package org.webjars.npm:node-sass