ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
Zrlog
NVD
GitHub
CVSS 3.1
7.8
EPSS
1.4%