Submeter #806910: https://github.com/jeecgboot/JeecgBoot <=3.91 SSRFinformação

Títulohttps://github.com/jeecgboot/JeecgBoot <=3.91 SSRF
DescriçãoJeecgBoot is an open-source enterprise low-code platform built on Spring Boot. The uploadImgByHttp endpoint in its file management module accepts an arbitrary user-supplied URL, fetches the content from that URL server-side, and saves it as a file. The endpoint performs no security validation on the target URL — no allowlist, no private IP filtering, no protocol restriction — allowing an attacker to leverage it for Server-Side Request Forgery (SSRF) attacks.
Fonte⚠️ https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/JeecgBoot_Server-Side_Request_Forgery_SSRF.md
Utilizador
 JD Security SHENYI Team (UID 97436)
Submissão17/04/2026 09h57 (há 2 meses)
Moderação09/05/2026 09h00 (22 days later)
EstadoDuplicado
Entrada VulDB360562 [JeecgBoot até 3.9.1 uploadImgByHttpEndpoint CommonController.java Elevação de Privilégios]
Pontos0

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!