JEECG
by Jeecg
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49442 | 0.04 | — | 0.39 | Jan 3, 2024 | Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. | |||
| CVE-2020-23083 | 0.01 | — | 0.04 | May 3, 2021 | Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload". | |||
| CVE-2020-20948 | 0.00 | — | 0.01 | Dec 27, 2021 | An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. |
- CVE-2023-49442Jan 3, 2024risk 0.04cvss —epss 0.39
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.
- CVE-2020-23083May 3, 2021risk 0.01cvss —epss 0.04
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload".
- CVE-2020-20948Dec 27, 2021risk 0.00cvss —epss 0.01
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.