exploitDog

GHSA-rf4q-9m5j-m24r

Опубликовано: 03 янв. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.

Ссылки

EPSS

Процентиль: 98%

0.5552

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502

Связанные уязвимости

CVE-2023-49442

CVSS3: 9.8

nvd

около 2 лет назад

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.

EPSS

Процентиль: 98%

0.5552

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502