Description
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
Remediation
References
https://github.com/jeecgboot/jeecg-boot/issues/4990
Related Vulnerabilities
CVE-2020-23849 Vulnerability in npm package jsoneditor
CVE-2016-10735 Vulnerability in maven package ua.mobius.media:bootstrap
CVE-2019-1003000 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2022-39381 Vulnerability in npm package hummus
CVE-2020-26302 Vulnerability in maven package org.webjars.bowergithub.arasatasaygin:is.js