Vulnerabilities (CVE)

Filtered by vendor Gin-vue-admin Project Subscribe

Filtered by product Gin-vue-admin

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-24844	2 Gin-vue-admin Project, Postgresql	2 Gin-vue-admin, Postgresql	2022-05-16	6.5 MEDIUM	8.8 HIGH
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. The problem occurs in the following code in server/service/system/sys_auto_code_pgsql.go, which means that PostgreSQL must be used as the database for this vulnerability to occur. Users must: Require JWT login? and be using PostgreSQL to be affected. This issue has been resolved in version 2.5.1. There are no known workarounds.
CVE-2022-21660	1 Gin-vue-admin Project	1 Gin-vue-admin	2022-02-15	5.5 MEDIUM	8.1 HIGH
Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds.