| tiêu đề | jeecgboot JeecgBoot JeecgBoot versions containing the vulnerable /sys/common/uploadImgByHttp implementation before vendor fix Server-Side Request Forgery |
|---|
| Mô tả | An authenticated server-side request forgery vulnerability exists in JeecgBoot's remote image upload functionality.
The endpoint /sys/common/uploadImgByHttp accepts a user-controlled remote image URL. The application converts the remote URL into a multipart file by opening an outbound HTTP connection before the SSRF/file-type protection check is performed.
Source-level chain:
POST /sys/common/uploadImgByHttp
→ CommonController.uploadImgByHttp(@RequestBody JSONObject)
→ user-controlled remote URL
→ HttpFileToMultipartFileUtil.httpFileToMultipartFile(fileUrl, filename)
→ downloadImageData(fileUrl)
→ new URL(fileUrl)
→ HttpURLConnection.openConnection()
→ connection.setRequestMethod("GET")
→ server sends outbound request
→ SsrfFileTypeFilter.checkUploadFileType(...) runs afterward
Because the network request is sent before SSRF validation, an authenticated attacker can cause the server to request attacker-controlled URLs or internal HTTP services. This may allow internal network probing or access to services reachable from the JeecgBoot server, depending on the deployment environment.
The issue is caused by performing SSRF/file validation after the outbound request has already occurred. |
|---|
| Nguồn | ⚠️ https://github.com/jeecgboot/jeecg-boot |
|---|
| Người dùng | feng123123 (UID 95215) |
|---|
| Đệ trình | 26/04/2026 07:35 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 23/05/2026 16:08 (27 days later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 347315 [JeecgBoot 3.9.0 uploadImgByHttp fileUrl nâng cao đặc quyền] |
|---|
| điểm | 0 |
|---|