Skip to main content

Jeecg Boot CVE-2023-47467

MEDIUM
Path Traversal (CWE-22)
2023-11-22 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 22, 2023 - 18:15 nvd
MEDIUM 6.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 3 maven packages depend on org.jeecgframework.boot:jeecg-boot-common (3 direct, 0 indirect)

Ecosystem-wide dependent count for version 3.6.0.

DescriptionNVD

Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.

AnalysisAI

Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. Affected products include: Jeecg Jeecg Boot.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2022-45207 CRITICAL POC
9.8 Nov 25

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. Rat

CVE-2022-45206 CRITICAL POC
9.8 Nov 25

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/duplicate/check. Rated

CVE-2024-48307 CRITICAL POC
9.8 Oct 31

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalD

CVE-2023-41544 CRITICAL POC
9.8 Dec 30

SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted

CVE-2023-41543 CRITICAL POC
9.8 Dec 30

SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive in

CVE-2023-41542 CRITICAL POC
9.8 Dec 30

SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensi

CVE-2023-42268 CRITICAL POC
9.8 Sep 08

Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/s

CVE-2023-38992 CRITICAL POC
9.8 Jul 28

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeD

CVE-2023-34659 CRITICAL POC
9.8 Jun 16

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interfac

CVE-2023-1454 CRITICAL POC
9.8 Mar 17

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. Rated critical severity (CVSS 9.8), this vuln

CVE-2023-41578 HIGH POC
7.5 Sep 08

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection

CVE-2023-34660 MEDIUM POC
6.5 Jun 16

jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. Rated medium seve

Share

CVE-2023-47467 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy