Skip to content

Commit 65a131e

Browse files
committed
add: AVE-2021-0001
1 parent acf32f1 commit 65a131e

1 file changed

Lines changed: 30 additions & 0 deletions

File tree

vulns/2021/AVE-2021-0001.toml

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
[basic]
2+
description = "若依管理系统(RuoYi)是一款基于SpringBoot的Java快速开发框架,其/common/download/resource接口存在路径遍历漏洞(CWE-22)。攻击者无需认证即可通过构造包含../的resource参数读取服务器上任意文件,如/etc/passwd等系统敏感文件,导致服务器敏感信息泄露。该漏洞影响RuoYi v4.5.1以下版本。"
3+
published = "2021-07-04"
4+
remediation = "升级若依管理系统至v4.5.1及以上版本,该版本已对resource参数添加路径过滤。临时措施:在Web应用防火墙中拦截包含../的请求路径,限制文件下载范围至特定目录并实施白名单机制。"
5+
score = 8.6
6+
severity = "HIGH"
7+
sources = [
8+
"cnvd",
9+
"nuclei",
10+
]
11+
title = "若依管理系统 路径遍历致任意文件读取漏洞"
12+
updated = "2026-07-14"
13+
14+
[exploit]
15+
exp_urls = []
16+
poc_urls = []
17+
18+
[id]
19+
aliases = [
20+
"CNVD-2021-01931",
21+
"NUCLEI-HTTP-CNVD-2021-CNVD-2021-01931-YAML",
22+
]
23+
ave_id = "AVE-2021-0001"
24+
25+
[meta]
26+
collected_at = "2026-07-14T17:42:27.865869964+00:00"
27+
status = "completed"
28+
29+
[references]
30+
urls = ["https://disk.scan.cm/All_wiki/%E4%BD%A9%E5%A5%87PeiQi-WIKI-POC-2021-7-20%E6%BC%8F%E6%B4%9E%E5%BA%93/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%20CNVD-2021-01931.md"]

0 commit comments

Comments
 (0)