Description
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.
Remediation
References
https://github.com/jfinal/jfinal/issues/187
Related Vulnerabilities
CVE-2020-28441 Vulnerability in npm package conf-cfg-ini
CVE-2021-46708 Vulnerability in maven package org.webjars.bower:swagger-ui
CVE-2020-8840 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-21126 Vulnerability in maven package com.github.samtools:htsjdk
CVE-2023-31717 Vulnerability in npm package @frangoteam/fuxa