Описание
JFinal Java Deserialization Vulnerability
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis which can lead to remote code execution
Пакеты
Наименование
com.jfinal:jfinal
maven
Затронутые версииВерсия исправления
<= 4.9.08
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
больше 4 лет назад
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute