Описание
JFinal file validation vulnerability
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.
Пакеты
Наименование
com.jfinal:jfinal
maven
Затронутые версииВерсия исправления
< 4.5
4.5
Связанные уязвимости
CVSS3: 7.5
nvd
больше 6 лет назад
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.