JeecgJimureport

7 matches found

CVE
added 2023/08/21 2:31 a.m. | 202 views

CVE-2023-4450

CVE-2023-4450 affects jeecgboot JimuReport up to 1.6.0. A Template Handler injection leads to remote injection, with some sources noting remote code execution via Freemarker parsing; exploitation details vary across references. Remediation: upgrade to version 1.6.1 to address the issue.

9.8 CVSS | 8.3 AI score | 0.91049 EPSS
In wild
CVE
added 2024/09/10 12:00 a.m. | 54 views

CVE-2024-44893

The vulnerability CVE-2024-44893 affects JimuReport v1.7.8, specifically the component path /jeecg-boot/jmreport/dict/list. A crafted GET request can allow an attacker to escalate privileges. The CVE is rated CVSSv3.1 base score 9.8 (CRITICAL) with NETWORK attack vector, no user interaction requi...

9.8 CVSS | 7 AI score | 0.00272 EPSS
CVE
added 2023/11/27 1:00 a.m. | 35 views

CVE-2023-6307

CVE-2023-6307 affects jeecgboot JimuReport up to version 1.6.1. The vulnerability arises from manipulating the imageUrl parameter in the /download/image endpoint, causing relative path traversal. It is a remote issue with the exploit publicly disclosed; multiple sources identify the impact as pot...

9.8 CVSS | 8.1 AI score | 0.00102 EPSS
Web
CVE
added 2025/09/21 10:32 p.m. | 11 views

CVE-2025-10770

CVE-2025-10770 affects Jeecgboot JimuReport up to version 2.1.2, where deserialization occurs in the MySQL JDBC Handler via an attacker-controlled input in the file path /drag/onlDragDataSource/testConnection. This allows remote code execution; the exploit has been publicly disclosed. The Red Hat...

6.5 CVSS | 6 AI score | 0.00057 EPSS
CVE
added 2025/09/21 11:02 p.m. | 11 views

CVE-2025-10771

CVE-2025-10771 affects jeecgboot JimuReport up to 2.1.2. The issue resides in the DB2 JDBC Handler’s /drag/onlDragDataSource/testConnection function, where manipulating the argument clientRerouteServerListJNDIName can trigger deserialization and enable remote execution. Public exploit information...

9.8 CVSS | 6.3 AI score | 0.00073 EPSS
Web
CVE
added 2025/08/14 1:02 p.m. | 9 views

CVE-2025-8963

CVE-2025-8963 affects jeecgboot JimuReport up to version 2.1.1. The issue lies in the Data Large Screen Template’s file /drag/onlDragDataSource/testConnection, enabling deserialization. The vulnerability is network-reachable with low attack complexity and no user interaction, potentially impactin...

9.8 CVSS | 7.1 AI score | 0.00102 EPSS
CVE
added 2026/01/08 12:00 a.m. | 6 views

CVE-2025-66913

Summary (CVE-2025-66913) JimuReport (through v2.1.3) is vulnerable to remote code execution when handling user-controlled H2 JDBC URLs: the application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing directives to execute arbitrary Java code. The issue is distinct from C...

9.8 CVSS | 8.3 AI score | 0.00754 EPSS