Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oM2o4LWZyNXEtOHJmcs4AAo7l
JFinal Java Deserialization Vulnerability
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis which can lead to remote code execution
Permalink: https://github.com/advisories/GHSA-h3j8-fr5q-8rfrJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oM2o4LWZyNXEtOHJmcs4AAo7l
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: 3 months ago
Identifiers: GHSA-h3j8-fr5q-8rfr, CVE-2021-31649
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-31649
- http://note.youdao.com/noteshare?id=787ccbb8345dbd4a905aebe35f1d8aa8&sub=6C5C072C901949429EFD978405212FA4
- https://github.com/jfinal/jfinal/issues/184
- https://github.com/advisories/GHSA-h3j8-fr5q-8rfr
Affected Packages
maven:com.jfinal:jfinal
Versions: <= 4.9.08No known fixed version