javahongxi whatsmars 2021.4.0 InitializrController.java initialize artifactId path traversal

A vulnerability classified as problematic has been found in javahongxi whatsmars 2021.4.0. Affected is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. Using CWE to declare the problem leads to CWE-22. The weakness was disclosed on 06/15/2025. The advisory is available for download at github.com. This vulnerability is tracked as CVE-2025-6109. The attack may be launched remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k. It is declared as proof-of-concept. The exploit is available at github.com. As a 0-day, the estimated price was around $0-$5k. If you want to get the best quality of vulnerability data, you may have to visit VulDB.

4 Changes · 90 Data points

| Field | Created 06/15/2025 12:02 | Update 1/3 06/16/2025 08:38 | Update 2/3 06/16/2025 10:06 | Update 3/3 06/16/2025 10:24 |
|---|---|---|---|---|
| cvss2_vuldb_ai | N | N | N | N |
| cvss2_vuldb_e | POC | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR | UR |
| cvss4_vuldb_av | N | N | N | N |
| cvss4_vuldb_ac | L | L | L | L |
| cvss4_vuldb_ui | N | N | N | N |
| cvss4_vuldb_vc | L | L | L | L |
| cvss4_vuldb_vi | N | N | N | N |
| cvss4_vuldb_va | N | N | N | N |
| cvss4_vuldb_e | P | P | P | P |
| cvss2_vuldb_au | S | S | S | S |
| cvss2_vuldb_rl | ND | ND | ND | ND |
| cvss3_vuldb_pr | L | L | L | L |
| cvss3_vuldb_rl | X | X | X | X |
| cvss4_vuldb_at | N | N | N | N |
| cvss4_vuldb_pr | L | L | L | L |
| cvss4_vuldb_sc | N | N | N | N |
| cvss4_vuldb_si | N | N | N | N |
| cvss4_vuldb_sa | N | N | N | N |
| cvss2_vuldb_basescore | 4.0 | 4.0 | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 3.4 | 3.4 | 3.4 | 3.4 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 3.9 | 3.9 | 3.9 | 3.9 |
| cvss3_meta_basescore | 4.3 | 4.3 | 4.3 | 4.3 |
| cvss3_meta_tempscore | 3.9 | 4.1 | 4.1 | 4.1 |
| cvss4_vuldb_bscore | 5.3 | 5.3 | 5.3 | 5.3 |
| cvss4_vuldb_btscore | 2.1 | 2.1 | 2.1 | 2.1 |
| advisory_date | 1749938400 (06/15/2025) | 1749938400 (06/15/2025) | 1749938400 (06/15/2025) | 1749938400 (06/15/2025) |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| software_vendor | javahongxi | javahongxi | javahongxi | javahongxi |
| software_name | whatsmars | whatsmars | whatsmars | whatsmars |
| software_version | 2021.4.0 | 2021.4.0 | 2021.4.0 | 2021.4.0 |
| software_file | /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java | /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java | /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java | /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java |
| software_function | initialize | initialize | initialize | initialize |
| software_argument | artifactId | artifactId | artifactId | artifactId |
| vulnerability_cwe | CWE-22 (path traversal) | CWE-22 (path traversal) | CWE-22 (path traversal) | CWE-22 (path traversal) |
| vulnerability_risk | 2 | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N | N |
| cvss3_vuldb_ac | L | L | L | L |
| cvss3_vuldb_ui | N | N | N | N |
| cvss3_vuldb_s | U | U | U | U |
| cvss3_vuldb_c | L | L | L | L |
| cvss3_vuldb_i | N | N | N | N |
| cvss3_vuldb_a | N | N | N | N |
| cvss3_vuldb_e | P | P | P | P |
| cvss3_vuldb_rc | R | R | R | R |
| advisory_url | https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-02.md | https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-02.md | https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-02.md | https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-02.md |
| exploit_availability | 1 | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 | 1 |
| exploit_url | https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-02.md#steps-to-reproduce | https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-02.md#steps-to-reproduce | https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-02.md#steps-to-reproduce | https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-02.md#steps-to-reproduce |
| source_cve | CVE-2025-6109 | CVE-2025-6109 | CVE-2025-6109 | CVE-2025-6109 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB |
| response_summary | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. |
| software_type | Programming Language Software | Programming Language Software | Programming Language Software | Programming Language Software |
| cvss2_vuldb_av | N | N | N | N |
| cvss2_vuldb_ac | L | L | L | L |
| cvss2_vuldb_ci | P | P | P | P |
| cvss2_vuldb_ii | N | N | N | N |
| cve_nvd_summary | | A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| cvss4_cna_av | | N | N | N |
| cvss4_cna_ac | | L | L | L |
| cvss4_cna_at | | N | N | N |
| cvss4_cna_pr | | L | L | L |
| cvss4_cna_ui | | N | N | N |
| cvss4_cna_vc | | L | L | L |
| cvss4_cna_vi | | N | N | N |
| cvss4_cna_va | | N | N | N |
| cvss4_cna_sc | | N | N | N |
| cvss4_cna_si | | N | N | N |
| cvss4_cna_sa | | N | N | N |
| cvss4_cna_bscore | | 5.3 | 5.3 | 5.3 |
| cvss3_cna_av | | N | N | N |
| cvss3_cna_ac | | L | L | L |
| cvss3_cna_pr | | L | L | L |
| cvss3_cna_ui | | N | N | N |
| cvss3_cna_s | | U | U | U |
| cvss3_cna_c | | L | L | L |
| cvss3_cna_i | | N | N | N |
| cvss3_cna_a | | N | N | N |
| cvss3_cna_basescore | | 4.3 | 4.3 | 4.3 |
| cvss2_cna_av | | N | N | N |
| cvss2_cna_ac | | L | L | L |
| cvss2_cna_au | | S | S | S |
| cvss2_cna_ci | | P | P | P |
| cvss2_cna_ii | | N | N | N |
| cvss2_cna_ai | | N | N | N |
| cvss2_cna_basescore | | 4 | 4 | 4 |
| euvd_id | | | EUVD-2025-18365 | EUVD-2025-18365 |
| cve_nvd_summaryes | | | | Se encontró una vulnerabilidad en javahongxi whatsmars 2021.4.0. Se ha clasificado como problemática. Este problema afecta a la función initialize del archivo /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. La manipulación del argumento artifactId provoca un path traversal. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió. |
