CVE-2022-24844
CVE-2022-24844 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Gin-vue-admin is a back-office management system built on Vue and Gin, with a separate front end and back end. The problem occurs in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. EPSS estimates a 1.40% chance of exploitation in the next 30 days.
Description
Gin-vue-admin is a back-office management system built on Vue and Gin, with a separate front end and back end. The problem occurs in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. To be affected, users must require JWT login and be using PostgreSQL. This issue has been resolved in version 2.5.1. There are no known workarounds.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gin-Vue-Admin Project | Gin-Vue-Admin | < 2.5.1 |
References
- https://github.com/flipped-aurora/gin-vue-admin/pull/1024 (Patch, Third Party Advisory)
- https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-5g92-6hpp-w425 (Exploit, Patch, Third Party Advisory)
Source: NVD / NIST
