Title | jimureport ssti(RCE) |
---|
Description | [Vulnerability description]
jimureport <= v1.6.0 has SSTI (Server Side Template Injection), which can be exploited by attackers to remotely execute arbitrary code (RCE).
[Vulnerability Type]
Remote Code Execution (RCE), SSTI
[Vendor of Product]
https://github.com/jeecgboot/JimuReport/releases/tag/v1.6.0
https://mvnrepository.com/artifact/org.jeecgframework.jimureport/jimureport-spring-boot-starter
[Affected Product Code Base]
jimureport <= v1.6.0 (currently the latest version v1.6.1 has fixed this vulnerability) |
---|
Source | https://github.com/keecth/bug/blob/main/jimureport%20ssti(RCE).md |
---|
User | keecth (ID 44296) |
---|
Submission | 19.08.2023 16:23 (9 months ago) |
---|
Moderation | 20.08.2023 09:38 (17 hours later) |
---|
Status | Accepted |
---|
VulDB Entry | 237571 |
---|