Description
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.
Remediation
References
https://github.com/jfinal/jfinal/issues/187
Related Vulnerabilities
CVE-2019-5485 Vulnerability in npm package gitlabhook
CVE-2021-21344 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-25873 Vulnerability in maven package org.webjars.npm:vuetify
CVE-2019-19771 Vulnerability in npm package coinstirng
CVE-2019-10246 Vulnerability in maven package org.eclipse.jetty:jetty-util