CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31635
https://notcve.org/view.php?id=CVE-2021-31635
26 Jun 2023 — Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. • https://github.com/jfinal/jfinal/issues/187 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2021-31649
https://notcve.org/view.php?id=CVE-2021-31649
24 Jun 2021 — In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis,may be vulnerable to remote code execute En las aplicaciones que utilizan jfinal versiones 4.9.08 e inferiores, se presenta una vulnerabilidad de deserialización cuando se usa redis, puede ser vulnerable a la ejecución de código remota • http://note.youdao.com/noteshare?id=787ccbb8345dbd4a905aebe35f1d8aa8&sub=6C5C072C901949429EFD978405212FA4 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33348
https://notcve.org/view.php?id=CVE-2021-33348
24 Jun 2021 — An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases. Se ha detectado un problema en JFinal framework versión v4.9.10 y posteriores. El método "set" de la clase "Controller" de jfinal framework no está estrictamente filtrado, lo que conlleva a vulnerabilidades de tipo XSS en algunos casos • https://github.com/jfinal/jfinal/issues/188 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •