CVE-2022-24843
HIGH
gin-vue-admin < 2.5.1 - Path Traversal and Arbitrary File Read
Title source: llm
Description
Gin-vue-admin is a backstage management system based on Vue and Gin that separates the front end and back end of the full stack. Gin-vue-admin 2.50 has an arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue.
References (3)
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/flipped-aurora/gin-vue-admin/issues/1002
Patch, Third Party Advisory x_refsource_misc
https://github.com/flipped-aurora/gin-vue-admin/pull/1024
Patch, Third Party Advisory x_refsource_confirm
https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-32gq-gj42-mw43
Scores
CVSS v3: 7.5
EPSS: 0.0144
EPSS Percentile: 69.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1)
gin-vue-admin_project/gin-vue-admin < 2.5.1
Published: Apr 13, 2022
Tracked Since: Feb 18, 2026