| Title | guojusoft JeecgBoot v3.8.0 Resource Consumption |
|---|---|
| Description | A ZIP bomb vulnerability has been identified in JeecgBoot 3.8.0, specifically in the document upload feature of its AI knowledge base module. Attackers can exploit this by uploading a maliciously crafted ZIP file, which, when decompressed, consumes excessive system resources (e.g., disk space) and potentially causes service disruption. The root cause lies in the lack of restrictions on the total size and number of files during decompression in the unzipFile method. |
| Source | https://github.com/jeecgboot/JeecgBoot/issues/8199 |
| User | lem0n817 (UID 84709) |
| Submission | 04/27/2025 10:49 AM (12 months ago) |
| Moderation | 05/10/2025 07:51 AM (13 days later) |
| Status | Accepted |
| VulDB entry | 308278 [JeecgBoot up to 3.8.0 Document Library Upload zip unzipFile resource consumption] |
| Points | 20 |