| عنوان | jeecgboot JeecgBoot JeecgBoot versions containing the vulnerable /sys/common/uploadImgByHttp implementation before vendor fix Server-Side Request Forgery |
|---|
| الوصف | An authenticated server-side request forgery vulnerability exists in JeecgBoot's remote image upload functionality.
The endpoint /sys/common/uploadImgByHttp accepts a user-controlled remote image URL. The application converts the remote URL into a multipart file by opening an outbound HTTP connection before the SSRF/file-type protection check is performed.
Source-level chain:
POST /sys/common/uploadImgByHttp
→ CommonController.uploadImgByHttp(@RequestBody JSONObject)
→ user-controlled remote URL
→ HttpFileToMultipartFileUtil.httpFileToMultipartFile(fileUrl, filename)
→ downloadImageData(fileUrl)
→ new URL(fileUrl)
→ HttpURLConnection.openConnection()
→ connection.setRequestMethod("GET")
→ server sends outbound request
→ SsrfFileTypeFilter.checkUploadFileType(...) runs afterward
Because the network request is sent before SSRF validation, an authenticated attacker can cause the server to request attacker-controlled URLs or internal HTTP services. This may allow internal network probing or access to services reachable from the JeecgBoot server, depending on the deployment environment.
The issue is caused by performing SSRF/file validation after the outbound request has already occurred. |
|---|
| المصدر | ⚠️ https://github.com/jeecgboot/jeecg-boot |
|---|
| المستخدم | feng123123 (UID 95215) |
|---|
| ارسال | 26/04/2026 07:35 AM (2 أشهر منذ) |
|---|
| الاعتدال | 23/05/2026 04:08 PM (27 days later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 347315 [JeecgBoot 3.9.0 uploadImgByHttp fileUrl تجاوز الصلاحيات] |
|---|
| النقاط | 0 |
|---|