Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: gin-vuew-admin downloadTemplate 存在1处安全漏洞 #1309

Closed
LeoHuang2015 opened this issue Dec 12, 2022 · 1 comment
Closed

[Bug]: gin-vuew-admin downloadTemplate 存在1处安全漏洞 #1309

LeoHuang2015 opened this issue Dec 12, 2022 · 1 comment
Assignees
@piexlmax @SliverHorn @songzhibin97 @bypanghu
Labels
bug Something isn't working

Comments

@LeoHuang2015
Copy link

LeoHuang2015 commented Dec 12, 2022
edited
Loading

gin-vue-admin 版本

v2.5.4b

Node 版本

v19.2.0

Golang 版本

go1.19.3 darwin/arm64

是否依旧存在

可以

bug描述

I've already send an email to security mail but there is no response, so I report a bug!

I found a security vulnerability like GHSA-32gq-gj42-mw43 .
I found the bug is closed : #1002

But there are following problems here:
image

  1. The place where the problem is found is: downloadTemplate interface;

image

  1. The repaired place is: ExportExcel interface 。

image

This vulnerability is to repair the export interface and perform verification, but the download interface is not repaired, so the vulnerability still exists in the download interface and can be directly exploited.

修改建议

No response
@LeoHuang2015 LeoHuang2015 added the bug Something isn't working label Dec 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@piexlmax piexlmax

@SliverHorn SliverHorn

@songzhibin97 songzhibin97

@bypanghu bypanghu

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@LeoHuang2015 @SliverHorn @songzhibin97 @bypanghu and others