CVE-2021-31635
- EPSS 1.26%
- Veröffentlicht 26.06.2023 19:15:09
- Zuletzt bearbeitet 05.12.2024 16:15:19
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.
CVE-2021-31649
- EPSS 0.41%
- Veröffentlicht 24.06.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:06:04
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute
CVE-2021-33348
- EPSS 0.2%
- Veröffentlicht 24.06.2021 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:08:44
An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases.
CVE-2019-17352
- EPSS 0.29%
- Veröffentlicht 08.10.2019 13:15:15
- Zuletzt bearbeitet 21.11.2024 04:32:09
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step...