Description
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files from the server.
Remediation
References
https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0
https://gitee.com/y_project/RuoYi/issues/I697Q5