Description
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.
Remediation
References
https://github.com/jeecgboot/jeecg-boot/issues/4990
Related Vulnerabilities
CVE-2020-7760 Vulnerability in maven package org.webjars:codemirror
CVE-2014-3603 Vulnerability in maven package org.opensaml:opensaml
CVE-2022-37199 Vulnerability in maven package com.jflyfox:jflyfox_jfinal
CVE-2023-22465 Vulnerability in maven package org.http4s:http4s-core_3
CVE-2023-26920 Vulnerability in maven package org.webjars.npm:fast-xml-parser