CVE-2024-6511

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6511

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6511.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6511

Published

2024-07-04T19:15:11Z

Modified

2025-05-17T14:23:29.964505Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic was found in yproject RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENTTYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270343.

References

Affected packages

Git / github.com/yangzongzhuan/ruoyi

Affected ranges

Type: GIT
Repo: https://github.com/yangzongzhuan/ruoyi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4f5bf990bf5663b729ea5b14d13e14adb3d26d5a

Affected versions

v2.*

v2.2

v2.3

v2.4

v3.*

v3.0

v3.1

v3.2

v3.3

v3.4

v4.*

v4.0

v4.1

v4.2

v4.3

v4.3.1

v4.4

v4.5.0

v4.5.1

v4.6.0

v4.6.1

v4.6.2

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.7.4

v4.7.5

v4.7.6

v4.7.7

v4.7.8

v4.7.9