Skip to main content

Jeecg

2 CVEs product

Monthly

CVE-2023-49442 CRITICAL Emergency

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 55.5% and no vendor patch available.

Deserialization RCE Jeecg
NVD
CVSS 3.1
9.8
EPSS
55.5%
CVE-2023-24789 Maven HIGH POC This Week

jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
EPSS 56% CVSS 9.8
CRITICAL Emergency

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 55.5% and no vendor patch available.

Deserialization RCE Jeecg
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy