ГлавнаяУязвимости → CVE-2024-40489
9.8критическая

CVE-2024-40489

Описание

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

Затрагиваемое ПО
Jeecg Jeecg boot
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0https://pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ug?pwd=sktp