Vulnerabilities > Jfinal

DATE | CVE | VULNERABILITY TITLE | RISK

2023-06-26 | CVE-2021-31635 | Unspecified vulnerability in Jfinal 4.9.08 | critical 9.8
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function.
network, low complexity, jfinal

2021-06-24 | CVE-2021-31649 | Deserialization of Untrusted Data vulnerability in Jfinal | 7.5
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using Redis that may lead to remote code execution.
network, low complexity, jfinal, CWE-502

2021-06-24 | CVE-2021-33348 | Cross-site Scripting vulnerability in Jfinal | 4.3
An issue was discovered in JFinal framework v4.9.10 and below.
network, jfinal, CWE-79

2019-10-08 | CVE-2019-17352 | Unrestricted Upload of File with Dangerous Type vulnerability in Jfinal | 5.0
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file.
network, low complexity, jfinal, CWE-434