Vulnerabilities > Jeecg > Jeecg > 2.4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-03 | CVE-2023-49442 | Deserialization of Untrusted Data vulnerability in Jeecg Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. | 9.8 |
| 2023-02-03 | CVE-2021-37304 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | 7.5 |
| 2023-02-03 | CVE-2021-37305 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | 7.5 |
| 2023-02-03 | CVE-2021-37306 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: api uri:/sys/user/checkOnlyUser?username=admin. | 7.5 |