Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request.
CVSS Score
9.8
EPSS Score
0.657
Published
2024-01-03
jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-03-06