PT-2022-24888 · Unknown · Gin-Vue-Admin

Eggdkk +1 · Published 2022-10-24 · Updated 2022-10-24 · CVE-2022-39305

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Gin-vue-admin versions prior to 2.5.4
Description: The issue concerns an arbitrary file read due to insufficient validation of the fileMd5 and fileName parameters in the file upload functionality. This allows unauthorized access to files. The problem is resolved in version 2.5.4b.
Recommendations: For versions prior to 2.5.4, update to version 2.5.4b to resolve the issue. As a temporary workaround, consider disabling the file upload feature until the update is applied. Restrict access to sensitive files and directories to minimize the risk of exploitation.
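An added example, not gin-vue-admin's own code, of the kind of parameter validation the description calls for: fileMd5 is held to a plain hex digest and fileName to a bare file name before either is joined into a path, and the joined path is re-checked against an assumed upload root. The uploadRoot value, the SafeChunkPath name and the sample inputs are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed upload root for this example; the project's real layout is not given on the page.
const uploadRoot = "/srv/uploads"

// fileMd5 is expected to be a plain 32-character hex digest and nothing more.
var md5Pattern = regexp.MustCompile(`^[0-9a-fA-F]{32}$`)

var ErrBadParam = errors.New("invalid fileMd5 or fileName")

// SafeChunkPath (hypothetical name) returns the path under uploadRoot that an
// upload chunk may be written to or read from, or ErrBadParam when fileMd5 or
// fileName could steer the path anywhere else.
func SafeChunkPath(fileMd5, fileName string) (string, error) {
	if !md5Pattern.MatchString(fileMd5) {
		return "", ErrBadParam
	}
	// Only a bare file name is acceptable: no separators, no "." or "..", not empty.
	if fileName == "" || fileName == "." || fileName == ".." ||
		strings.ContainsAny(fileName, `/\`) || fileName != filepath.Base(fileName) {
		return "", ErrBadParam
	}
	p := filepath.Join(uploadRoot, fileMd5, fileName)
	// Defence in depth: the cleaned path must still resolve inside uploadRoot.
	rel, err := filepath.Rel(uploadRoot, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadParam
	}
	return p, nil
}

func main() {
	// Constructed sample inputs: one well-formed pair and two malformed ones.
	for _, c := range [][2]string{
		{"d41d8cd98f00b204e9800998ecf8427e", "part_1"},      // accepted
		{"../../config", "part_1"},                          // rejected: fileMd5 is not a hex digest
		{"d41d8cd98f00b204e9800998ecf8427e", "../app.yaml"}, // rejected: fileName is not a bare name
	} {
		p, err := SafeChunkPath(c[0], c[1])
		fmt.Printf("%q %q -> %q %v\n", c[0], c[1], p, err)
	}
}
```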

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2022-39305
GHSA-WRMQ-4V4C-GXP2

Affected Products

Gin-Vue-Admin