CNNVD-202512-005 Information
CNNVD ID
CNNVD-202512-005
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
Gin-Vue-Admin是flipped-aurora开源的一个基于 Vue 和 Gin 开发的全栈前开发基础平台。 Gin-Vue-Admin 2.8.6及之前版本存在路径遍历漏洞,该漏洞源于攻击者可控制FileMd5参数删除任意文件和文件夹,可能导致服务器资源损坏或不可用。
Description (English)
Gin-Vue-Admin is a foundation platform for all-canton development based on Vue and Gin. Gin-Vue-Admin 2.8.6 and previous versions have a loophole in the path, which stems from the fact that the assailant can control FileMd5 parameters to remove any files and folders, which may cause damage to or non-availability of server resources.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
flipped-aurora
Published
2025-12-01
Last Modified
2026-02-24
References
https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-jrhg-82w2-vvj7 https://github.com/flipped-aurora/gin-vue-admin/commit/ee8d8d7e04d9c38a35a6969f20e75213e84f57c6 https://access.redhat.com/security/cve/cve-2025-66410
Patch
https://github.com/flipped-aurora/gin-vue-admin/releases
Share on: