Description
An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code.
Basic information
- Type
- reviewed
- Severity
- critical
- Advisory on GitHub
- Open advisory ↗
- Repository advisory
- —
- Source code
- Browse source ↗
- Published (advisory)
- 2022-05-24 19:10:22 UTC
- Updated
- 2023-08-23 18:26:18 UTC
- GitHub reviewed
- 2023-07-13 23:25:51 UTC
- NVD published
- 2021-08-06
EPSS Score
| Score |
Percentile |
|
5.88%
|
90.50% |
CVSS Scores
No CVSS scores in this advisory.
CWEs
| CWE id |
Name |
|
CWE-434
|
Unrestricted Upload of File with Dangerous Type |
Affected packages (1)
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem |
Package |
Vulnerable range |
First patched |
Vulnerable functions |
| maven |
org.jeecgframework.boot:jeecg-boot-parent |
<= 2.3 |
— |
—
|
cvelogic
Threat Intelligence