CVE-2024-6511

Name of the Vulnerable Software and Affected Versions y project RuoYi versions up to 4.7.9

Description A vulnerability was found in the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For versions up to 4.7.9, as a temporary workaround, consider disabling the isJsonRequest function until a patch is available. Restrict access to the Content-Type Handler component to minimize the risk of exploitation. Avoid using the HttpHeaders.CONTENT TYPE argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.