jeecg-boot-base-core is vulnerable to arbitrary file upload. The vulnerability exists due to the lack of file type checks in the fileTypeFilter
function of FileTypeFilter.java
, allowing an attacker to upload malicious files through the file /api/.
path.
CPE | Name | Operator | Version |
---|---|---|---|
jeecg-boot-base-core | eq | 3.0 | |
jeecg-boot-base-core | eq | 3.0 |