CVE-2022-32065
- Source
- https://cve.org/CVERecord?id=CVE-2022-32065
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32065.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-32065
- Aliases
- Published
- 2022-07-13T15:15:10.707Z
- Modified
- 2026-02-13T08:31:46.960011Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.
- References
-
- https://gitee.com/y_project/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
- https://gitee.com/y_project/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
- https://gitee.com/y_project/RuoYi/issues/I57IME
- https://github.com/yangzongzhuan/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
- https://github.com/yangzongzhuan/RuoYi/issues/118
- https://gitee.com/y_project/RuoYi/issues/I57IME
- https://github.com/yangzongzhuan/RuoYi/issues/118
- https://github.com/yangzongzhuan/RuoYi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6
- https://gitee.com/y_project/RuoYi/issues/I57IME
- https://github.com/yangzongzhuan/RuoYi/issues/118
Affected packages
Git / github.com/yangzongzhuan/ruoyi
Affected ranges
- Type
- GIT
- Repo
- https://github.com/yangzongzhuan/ruoyi
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v2.*
v2.2
v2.3
v2.4
v3.*
v3.0
v3.1
v3.2
v3.3
v3.4
v4.*
v4.0
v4.1
v4.2
v4.3
v4.3.1
v4.4
v4.5.0
v4.5.1
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-32065.json"
vanir_signatures
[
{
"digest": {
"line_hashes": [
"310735121276722192299964965078095811308",
"19825365431255629273863119302958106262",
"17620255423507479804665933896277492101",
"177061473010337358847418197963668565444"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "ruoyi-common/src/main/java/com/ruoyi/common/exception/file/InvalidExtensionException.java"
},
"signature_type": "Line",
"id": "CVE-2022-32065-1f6497b5",
"source": "https://github.com/yangzongzhuan/ruoyi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6",
"deprecated": false
},
{
"digest": {
"function_hash": "19694962469981967058057745653945381299",
"length": 254.0
},
"signature_version": "v1",
"target": {
"file": "ruoyi-common/src/main/java/com/ruoyi/common/exception/file/InvalidExtensionException.java",
"function": "InvalidExtensionException"
},
"signature_type": "Function",
"id": "CVE-2022-32065-ea6498e2",
"source": "https://github.com/yangzongzhuan/ruoyi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"308272054755351381330280188361592092298",
"289420847547964015586167853056887380008",
"325028111115640944857999938457945223063",
"26098085904496894713601902342107620793",
"199910151512973175914405372321547223358",
"208303185908374213977017827837748836085",
"228921750470304584584691816023617311777",
"1587371070581513123018065685179950415"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java"
},
"signature_type": "Line",
"id": "CVE-2022-32065-f2c4b81c",
"source": "https://github.com/yangzongzhuan/ruoyi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6",
"deprecated": false
},
{
"digest": {
"function_hash": "113941333650743521420454907298250772311",
"length": 491.0
},
"signature_version": "v1",
"target": {
"file": "ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java",
"function": "updateAvatar"
},
"signature_type": "Function",
"id": "CVE-2022-32065-fda625e8",
"source": "https://github.com/yangzongzhuan/ruoyi/commit/d8b2a9a905fb750fa60e2400238cf4750a77c5e6",
"deprecated": false
}
]