Description
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
Remediation
References
https://gitee.com/y_project/RuoYi/commit/432d5ce1be2e9384a6230d7ccd8401eef5ce02b0
https://gitee.com/y_project/RuoYi/issues/I697Q5
Related Vulnerabilities
CVE-2023-49382 Vulnerability in maven package com.jfinal:jfinal
CVE-2022-21129 Vulnerability in npm package nemo-appium
CVE-2017-16093 Vulnerability in npm package cyber-js
CVE-2019-5479 Vulnerability in npm package larvitbase-api
CVE-2020-14967 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign