Description
JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter.
Remediation
References
https://gitee.com/heyewei/JFinalcms/issues/I7WGC6
Related Vulnerabilities
CVE-2020-36183 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-0087 Vulnerability in npm package @keystone-6/auth
CVE-2022-29219 Vulnerability in npm package @chainsafe/lodestar
CVE-2021-44585 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base
CVE-2020-36320 Vulnerability in maven package com.vaadin:vaadin-server