CVE-2024-40489

CRITICAL CVSS 9.8 View on NVD ↗

Description

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0
https://pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ug?pwd=sktp

Published: Apr 01, 2026 17:16 UTC Modified: Apr 01, 2026 20:16 UTC