Vulnerabilities > Jeecg > Jeecg > 3.4.4

DATE CVE VULNERABILITY TITLE RISK
2024-01-03 CVE-2023-49442 Deserialization of Untrusted Data vulnerability in Jeecg
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.
network
low complexity
jeecg CWE-502
critical
 9.8
9.8
2023-03-06 CVE-2023-24789 SQL Injection vulnerability in Jeecg 3.4.4
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
network
low complexity
jeecg CWE-89
8.8
8.8