Vulnerabilities > Jfinal > Jfinal > 4.9.03

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-31649 Deserialization of Untrusted Data vulnerability in Jfinal
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute
network
low complexity
jfinal CWE-502
critical
 9.8
9.8
2021-06-24 CVE-2021-33348 Cross-site Scripting vulnerability in Jfinal
An issue was discovered in JFinal framework v4.9.10 and below.
network
low complexity
jfinal CWE-79
6.1
6.1