CVE-2024-31457
📋 TL;DR
This CVE describes a code injection vulnerability in gin-vue-admin's plugin template feature where attackers can perform directory traversal via the plugName parameter. This allows creation of arbitrary folders and insertion of malicious Go code. All systems running vulnerable versions of gin-vue-admin are affected.
💻 Affected Systems
- gin-vue-admin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, and persistent backdoor installation.
Likely Case
Arbitrary file creation and code injection allowing privilege escalation and unauthorized system modifications.
If Mitigated
Limited impact with proper input validation and directory restrictions in place.
🎯 Exploit Status
Exploitation requires access to the plugin template feature, which typically requires authentication. Specific PoC parameters exist for code injection.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit b1b7427c6ea6c7a027fa188c6be557f3795e732b (pseudoversion 0.0.0-20240409100909-b1b7427c6ea6)
Vendor Advisory: https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gv3w-m57p-3wc4
Restart Required: Yes
Instructions:
1. Update to commit b1b7427c6ea6c7a027fa188c6be557f3795e732b or later.
2. Pull latest changes from GitHub repository.
3. Rebuild and restart the gin-vue-admin application.
🔧 Temporary Workarounds
Input validation and filtering
Manually implement filtering to prevent directory traversal in the PlugName parameter:
- Implement input validation to reject paths containing '../' or similar traversal sequences
- Restrict PlugName to alphanumeric characters only
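One way to implement the allow-list workaround above, shown as an added Go example (it is not gin-vue-admin's code and not the upstream patch). The helper names, the 64-character limit and the `plugin` base directory are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Allow-list: ASCII letters and digits only. The 64-character cap is an
// assumption of this example. In Go, `$` matches only at end of text, so a
// trailing newline is rejected as well.
var plugNameRe = regexp.MustCompile(`^[A-Za-z0-9]{1,64}$`)

var ErrBadPlugName = errors.New("invalid PlugName")

// ValidatePlugName (hypothetical helper) rejects every value outside the
// allow-list: "../", "..\", absolute paths, separators, dots, encoded forms.
func ValidatePlugName(name string) error {
	if !plugNameRe.MatchString(name) {
		return ErrBadPlugName
	}
	return nil
}

// SafePluginDir (hypothetical helper) validates the name, joins it onto
// baseDir, then re-checks containment as a second layer of defence.
func SafePluginDir(baseDir, name string) (string, error) {
	if err := ValidatePlugName(name); err != nil {
		return "", err
	}
	base := filepath.Clean(baseDir)
	target := filepath.Join(base, name)
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadPlugName
	}
	return target, nil
}

func main() {
	// Constructed sample inputs, not taken from real traffic.
	for _, n := range []string{"demo", "../../api", `..\..\router`, "/etc/cron.d", "a/b", "%2e%2e%2fx", ""} {
		p, err := SafePluginDir("plugin", n)
		fmt.Printf("%-16q -> %q err=%v\n", n, p, err)
	}
}
```

Call the validator in the request handler before any directory is created or any template is rendered, and return an error to the client rather than silently rewriting the name.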
🧯 If You Can't Patch
- Disable the Plugin System -> Plugin Template feature entirely
- Implement strict input validation and sanitization for the PlugName parameter
🔍 How to Verify
Check if Vulnerable:
Check if running version 2.6.1 or earlier, or pseudoversion before 0.0.0-20240409100909-b1b7427c6ea6
Check Version:
Check git commit hash or version in application configuration
Verify Fix Applied:
Verify application is running commit b1b7427c6ea6c7a027fa188c6be557f3795e732b or later
📡 Detection & Monitoring
Log Indicators:
- Unusual plugin template creation attempts
- Directory traversal patterns in plugName parameter
- Creation of api, config, global, model, router, service folders or a main.go file in unexpected directories
Network Indicators:
- HTTP requests to plugin template endpoints with suspicious plugName values
SIEM Query:
web_requests WHERE (uri CONTAINS '/plugin/template' AND parameters CONTAINS '../') OR (uri CONTAINS '/plugin/template' AND parameters CONTAINS 'plugName=' AND (parameters CONTAINS '../' OR parameters CONTAINS '..\\'))
🔗 References
- https://github.com/flipped-aurora/gin-vue-admin/commit/b1b7427c6ea6c7a027fa188c6be557f3795e732b
- https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gv3w-m57p-3wc4
- https://pkg.go.dev/github.com/flipped-aurora/gin-vue-admin/server?tab=versions