RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 07 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Ruoyi
Ruoyi ruoyi
Weaknesses CWE-94
CPEs cpe:2.3:a:ruoyi:ruoyi:*:*:*:*:*:*:*:*
Vendors & Products Ruoyi
Ruoyi ruoyi
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 07 Oct 2024 17:45:00 +0000

Type Values Removed Values Added
Description RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-10-07T19:35:57.200Z

Reserved: 2024-09-11T00:00:00

Link: CVE-2024-46076

cve-icon Vulnrichment

Updated: 2024-10-07T19:35:49.424Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-07T18:15:04.653

Modified: 2025-05-15T09:32:00.180

Link: CVE-2024-46076

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.