Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework.
References
Link | Resource |
---|---|
https://www.du1ge.com/archives/CVE-2021-38241 | Third Party Advisory |
https://www.du1ge.com/archives/CVE-2021-38241 | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.du1ge.com/archives/CVE-2021-38241 - Third Party Advisory |
21 Dec 2022, 19:04
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:ruoyi:ruoyi:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.du1ge.com/archives/CVE-2021-38241 - Third Party Advisory | |
CWE | CWE-502 |
19 Dec 2022, 02:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-16 22:15
Updated : 2024-11-21 06:16
NVD link : CVE-2021-38241
Mitre link : CVE-2021-38241
CVE.ORG link : CVE-2021-38241
JSON object : View
Products Affected
ruoyi
- ruoyi
CWE
CWE-502
Deserialization of Untrusted Data