CVE-2023-41578: Jeecg boot arbitrary file read vulnerability

September 8, 2023 (updated September 26, 2024)

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.

References

github.com/Snakinya/Bugs/issues/1
github.com/advisories/GHSA-pm8v-ppx7-8hr4
github.com/jeecgboot/jeecg-boot
nvd.nist.gov/vuln/detail/CVE-2023-41578

Detect and mitigate CVE-2023-41578 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →