Vulnerabilities > Jfinal > Jfinal > 4.5

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-31649 Deserialization of Untrusted Data vulnerability in Jfinal
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute
network
low complexity
jfinal CWE-502
7.5
7.5
2021-06-24 CVE-2021-33348 Cross-site Scripting vulnerability in Jfinal
An issue was discovered in JFinal framework v4.9.10 and below.
network
jfinal CWE-79
4.3
4.3