VYPR

JEECG

by Jeecg

CVEs (3)

  • CVE-2023-49442Jan 3, 2024
    risk 0.04cvss epss 0.39

    Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.

  • CVE-2020-23083May 3, 2021
    risk 0.01cvss epss 0.04

    Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload".

  • CVE-2020-20948Dec 27, 2021
    risk 0.00cvss epss 0.01

    An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.