Vulnerabilities > Jfinal

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-26	CVE-2021-31635	Unspecified vulnerability in Jfinal 4.9.08 Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. network low complexity jfinal critical	9.8
2021-06-24	CVE-2021-31649	Deserialization of Untrusted Data vulnerability in Jfinal In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute network low complexity jfinal CWE-502 critical	9.8
2021-06-24	CVE-2021-33348	Cross-site Scripting vulnerability in Jfinal An issue was discovered in JFinal framework v4.9.10 and below. network low complexity jfinal CWE-79	6.1
2019-10-08	CVE-2019-17352	Unrestricted Upload of File with Dangerous Type vulnerability in Jfinal In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. network low complexity jfinal CWE-434	7.5

Vulnerabilities > Jfinal {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jfinal"}]}