File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " 若依管理系统(RuoYi)是一款基于SpringBoot的Java快速开发框架,其/common/download/resource接口存在路径遍历漏洞(CWE-22)。攻击者无需认证即可通过构造包含../的resource参数读取服务器上任意文件,如/etc/passwd等系统敏感文件,导致服务器敏感信息泄露。该漏洞影响RuoYi v4.5.1以下版本。"
3+ published = " 2021-07-04"
4+ remediation = " 升级若依管理系统至v4.5.1及以上版本,该版本已对resource参数添加路径过滤。临时措施:在Web应用防火墙中拦截包含../的请求路径,限制文件下载范围至特定目录并实施白名单机制。"
5+ score = 8.6
6+ severity = " HIGH"
7+ sources = [
8+ " cnvd" ,
9+ " nuclei" ,
10+ ]
11+ title = " 若依管理系统 路径遍历致任意文件读取漏洞"
12+ updated = " 2026-07-14"
13+
14+ [exploit ]
15+ exp_urls = []
16+ poc_urls = []
17+
18+ [id ]
19+ aliases = [
20+ " CNVD-2021-01931" ,
21+ " NUCLEI-HTTP-CNVD-2021-CNVD-2021-01931-YAML" ,
22+ ]
23+ ave_id = " AVE-2021-0001"
24+
25+ [meta ]
26+ collected_at = " 2026-07-14T17:42:27.865869964+00:00"
27+ status = " completed"
28+
29+ [references ]
30+ urls = [" https://disk.scan.cm/All_wiki/%E4%BD%A9%E5%A5%87PeiQi-WIKI-POC-2021-7-20%E6%BC%8F%E6%B4%9E%E5%BA%93/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%20CNVD-2021-01931.md" ]
You can’t perform that action at this time.
0 commit comments