Skip to main content

Jfinal

3 CVEs product

Monthly

CVE-2021-31649 Maven CRITICAL POC Act Now

In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Redis Jfinal
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-33348 Maven MEDIUM POC PATCH This Month

An issue was discovered in JFinal framework v4.9.10 and below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-17352 Maven HIGH POC PATCH This Week

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jfinal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Redis Jfinal
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

An issue was discovered in JFinal framework v4.9.10 and below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jfinal
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy