2 matches found
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +134 more potentially affected by CVE-2019-17352 via com.jfinal:jfinal (>=1.4 <=4.4)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0, =0.0.8, =0.0.8, =0.0.8, =0.1, =1.2.2 - cn.dreampie:jfinal-flyway =0.1 - cn.dreampie:jfinal-lesscss =0.1 and more Source cves: CVE-2019-17352 Source advisory: OSV:GHSA-279P-PC38-XX4P...
CVE-2019-17352
CVE-2019-17352 affects JFinal cos prior to 2019-08-13 (JFinal 4.4). The isSafeFile() check can be bypassed, allowing upload of any file type (e.g., .jsp) with deletion not consistently executed; no remediation details are provided in the supplied documents.