3 matches found
org.jeecgframework.boot:jeecg-boot-starter-cloud (>=3.4.0 <=3.5.3), org.jeecgframework.boot:jeecg-boot-starter-lock (>=3.4.0 <=3.5.3) +1 more potentially affected by CVE-2023-41544 via org.jeecgframework.boot:jeecg-boot-common (>=3.4.0 <=3.5.3)
org.jeecgframework.boot:jeecg-boot-common MAVEN version =3.4.0, =3.4.0, =3.4.0, =3.4.0, =3.5.3 Source cves: CVE-2023-41544 Source advisory: OSV:GHSA-49JP-CGHC-P5PJ...
CVE-2023-41544
SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component...
CVE-2023-41544
CVE-2023-41544 is a server-side template injection vulnerability in jeecg-boot 3.5.3. The SSTI flaw affects the /jmreport/loadTableData component and allows remote attackers to execute arbitrary code through crafted HTTP requests. The issue is rated critical (CVSS 3.1: 9.8; AV:N/AC:L/PR:N/UI:N/S:...