CVE-2024-40489

Sažetak

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

Reference

https://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0
https://pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ug?pwd=sktp

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

03-04-2026 - 16:11

Objavljeno

01-04-2026 - 17:16