Deserialization of untrusted data

2024-01-0321:15:00

PRIOn knowledge base

www.prio-n.com

deserialization

untrusted data

jeecg 4.0

security vulnerability

crafted post request

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.2%

JSON

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.

CPENameOperatorVersion
jeecgle4.0

CPE	Name	Operator	Version
	jeecg	le	4.0

References

lemono.fun/thoughts/JEECG-RCE.html