Vulnerabilities > Jfinal > Jfinal > 4.9.08
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-26 | CVE-2021-31635 | Unspecified vulnerability in Jfinal 4.9.08 Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. | 9.8 |
2021-06-24 | CVE-2021-31649 | Deserialization of Untrusted Data vulnerability in Jfinal In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute | 7.5 |
2021-06-24 | CVE-2021-33348 | Cross-site Scripting vulnerability in Jfinal An issue was discovered in JFinal framework v4.9.10 and below. | 4.3 |