Description
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.
Remediation
References
https://github.com/jfinal/jfinal/issues/187
Related Vulnerabilities
CVE-2023-41835 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2017-5645 Vulnerability in maven package org.apache.logging.log4j:log4j-core
CVE-2023-3432 Vulnerability in maven package net.sourceforge.plantuml:plantuml
CVE-2020-2129 Vulnerability in maven package org.apache.maven.plugins:maven-compiler-plugin
CVE-2023-39010 Vulnerability in maven package org.boofcv:boofcv-core