VDB-231090 · CVE-2023-3163 · I78DOR

y_project RuoYi ଯେପର୍ଯ୍ୟନ୍ତ 4.7.7 filterKeyword ମୂଲ୍ୟ ସେବା ପ୍ରତ୍ୟାଖ୍ୟାନ

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame y_project RuoYi ଯେପର୍ଯ୍ୟନ୍ତ 4.7.7 keessatti argameera. Kan miidhamte is hojii filterKeyword. Hojii jijjiirraa irratti gaggeeffame ମୂଲ୍ୟ gara ସେବା ପ୍ରତ୍ୟାଖ୍ୟାନ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-400 geessa. Dadhabbii kana yeroo 06/08/2023 maxxanfameera akka I78DOR. Odeeffannoon kun buufachuuf gitee.com irratti qoodameera. Dogoggorri kun akka CVE-2023-3163tti beekama. Konkolaataa naannoo keessa seenuu barbaachisa ta'ee, weerarri kun milkaa'uuf. Faayidaaleen teeknikaa ni jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 ଆଡାପ୍ଟେସନ୍ · 70 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 06/08/2023 03:00 PM	ଅଦ୍ୟତନ 1/2 07/07/2023 10:02 AM	ଅଦ୍ୟତନ 2/2 07/07/2023 10:03 AM
software_vendor	y_project	y_project	y_project
software_name	RuoYi	RuoYi	RuoYi
software_version	<=4.7.7	<=4.7.7	<=4.7.7
software_function	filterKeyword	filterKeyword	filterKeyword
software_argument	value	value	value
vulnerability_cwe	CWE-400 (ସେବା ପ୍ରତ୍ୟାଖ୍ୟାନ)	CWE-400 (ସେବା ପ୍ରତ୍ୟାଖ୍ୟାନ)	CWE-400 (ସେବା ପ୍ରତ୍ୟାଖ୍ୟାନ)
vulnerability_risk	1	1	1
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rc	R	R	R
advisory_identifier	I78DOR	I78DOR	I78DOR
advisory_url	https://gitee.com/y_project/RuoYi/issues/I78DOR	https://gitee.com/y_project/RuoYi/issues/I78DOR	https://gitee.com/y_project/RuoYi/issues/I78DOR
source_cve	CVE-2023-3163	CVE-2023-3163	CVE-2023-3163
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1686175200 (06/08/2023)	1686175200 (06/08/2023)	1686175200 (06/08/2023)
software_type	Project Management Software	Project Management Software	Project Management Software
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	2.7	2.7	2.7
cvss2_vuldb_tempscore	2.6	2.6	2.6
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4	3.4
cvss3_meta_basescore	3.5	3.5	4.8
cvss3_meta_tempscore	3.4	3.4	4.8
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1686175200 (06/08/2023)	1686175200 (06/08/2023)
cve_nvd_summary		A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.	A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			N
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			N
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			N
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			2.7
cvss3_nvd_basescore			7.5
cvss3_cna_basescore			3.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you need the next level of professionalism?

Upgrade your account now!