CVE-2023-27025: Download of Code Without Integrity Check

April 2, 2023 (updated April 7, 2023)

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.

References

gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0
gitee.com/y_project/RuoYi/issues/I697Q5
github.com/advisories/GHSA-h4c9-rr5m-32fm
nvd.nist.gov/vuln/detail/CVE-2023-27025

Detect and mitigate CVE-2023-27025 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →