Vulnerabilities > Jfinal > Jfinal > 2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-31649 | Deserialization of Untrusted Data vulnerability in Jfinal In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute | 7.5 |
| 2021-06-24 | CVE-2021-33348 | Cross-site Scripting vulnerability in Jfinal An issue was discovered in JFinal framework v4.9.10 and below. | 4.3 |
| 2019-10-08 | CVE-2019-17352 | Unrestricted Upload of File with Dangerous Type vulnerability in Jfinal In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. | 5.0 |