Description
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
Remediation
References
https://github.com/jeecgboot/jeecg-boot/issues/4990
Related Vulnerabilities
CVE-2023-24188 Vulnerability in maven package com.bstek.ureport:ureport2-core
CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.12
CVE-2021-38384 Vulnerability in npm package serverless-offline
CVE-2022-25349 Vulnerability in npm package materialize-css
CVE-2023-49378 Vulnerability in maven package com.jfinal:jfinal