| शीर्षक | jeecgboot JeecgBoot 3.9.1 Remote Command Execution |
|---|
| विवरण | The default file content extraction function of the document library in JeecgBoot 3.9.1 has limitations: it cannot extract images or handle complex document layouts, resulting in AI's failure to properly respond to images in the knowledge base during RAG (Retrieval-Augmented Generation). To address this, the author provides the MinerU parsing solution (see details at https://help.jeecg.com/aigc/guide/mdConvert). When MinerU parsing is enabled, an attacker can execute arbitrary commands by uploading a compressed package with a specific file name to the knowledge base. |
|---|
| स्रोत | ⚠️ https://github.com/jeecgboot/JeecgBoot/issues/9335 |
|---|
| उपयोगकर्ता | chuan001 (UID 94798) |
|---|
| सबमिशन | 02/02/2026 09:01 AM (3 महीनों पहले) |
|---|
| संयम | 15/02/2026 06:40 PM (13 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 346163 [JeecgBoot 3.9.1 Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|