Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ageerle ruoyi-ai SysNoticeController.java improper authorization
Vulnerability Description
A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 6382e177bf90cc56ff70521842409e35c50df32d. It is recommended to upgrade the affected component.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
授权机制不恰当
Vulnerability Title
RuoYi AI 安全漏洞
Vulnerability Description
RuoYi AI是ageerle个人开发者的一个全栈式 AI 开发平台,旨在帮助开发者快速构建和部署个性化的 AI 应用。 RuoYi AI 2.0.0及之前版本存在安全漏洞,该漏洞源于SysNoticeController.java文件存在授权不当。
CVSS Information
N/A
Vulnerability Type
N/A