CNNVD-202506-2896 Information
CNNVD ID
CNNVD-202506-2896
Related CVE
- CNNVD Published: 2025-06-22
Description (Chinese)
RuoYi AI是ageerle个人开发者的一个全栈式 AI 开发平台,旨在帮助开发者快速构建和部署个性化的 AI 应用。 RuoYi AI 2.0.0版本存在代码问题漏洞,该漏洞源于参数File的错误操作导致无限制上传。
Description (English)
RuoYi AI is a whole house AI development platform for personal developers to help developers quickly build and deploy personal AI applications. RuoYi AI 2.0 has a code problem loophole, which stems from the error of the parameter File, which resulted in unlimited uploading.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Live Support
Published
2025-06-22
Last Modified
2026-02-24
References
https://github.com/ageerle/ruoyi-ai/issues/9#event-16775988438 https://github.com/ageerle/ruoyi-ai/releases/tag/v2.0.1 https://vuldb.com/?ctiid.313574 https://github.com/ageerle/ruoyi-ai/commit/4e93ac86d4891c59ecfcd27c051de9b3c5379315 https://vuldb.com/?submit.598365 https://vuldb.com/?id.313574 https://access.redhat.com/security/cve/cve-2025-6466 https://nvd.nist.gov/vuln/detail/CVE-2025-6466
Patch
https://github.com/ageerle/ruoyi-ai/releases
Share on: