GHSA-qq5h-rjj9-q9qg

Source
https://github.com/advisories/GHSA-qq5h-rjj9-q9qg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-qq5h-rjj9-q9qg/GHSA-qq5h-rjj9-q9qg.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qq5h-rjj9-q9qg
Aliases
Published
2025-01-29T15:31:35Z
Modified
2025-01-29T19:27:09.963246Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
RuoYi vulnerable to Denial of Service by attackers with admin privileges
Details

An issue in the reset password interface of RuoYi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account.

Database specific
{
    "github_reviewed": true,
    "nvd_published_at": "2025-01-29T15:15:17Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-281"
    ],
    "github_reviewed_at": "2025-01-29T19:20:35Z"
}
References

Affected packages

Maven / com.ruoyi:ruoyi

Package

Name
com.ruoyi:ruoyi
Purl
pkg:maven/com.ruoyi/ruoyi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
4.8.0