Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oM2o4LWZyNXEtOHJmcs4AAo7l
JFinal Java Deserialization Vulnerability
In applications using jfinal 4.9.08 and below, there is a deserialization vulnerability when using redis which can lead to remote code execution
Permalink: https://github.com/advisories/GHSA-h3j8-fr5q-8rfrJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oM2o4LWZyNXEtOHJmcs4AAo7l
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
EPSS Percentage: 0.01009
EPSS Percentile: 0.835
Identifiers: GHSA-h3j8-fr5q-8rfr, CVE-2021-31649
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-31649
- http://note.youdao.com/noteshare?id=787ccbb8345dbd4a905aebe35f1d8aa8&sub=6C5C072C901949429EFD978405212FA4
- https://github.com/jfinal/jfinal/issues/184
- https://github.com/advisories/GHSA-h3j8-fr5q-8rfr
Blast Radius: 0.0
Affected Packages
maven:com.jfinal:jfinal
Dependent packages: 151Dependent repositories: 855
Downloads:
Affected Version Ranges: <= 4.9.08
No known fixed version
All affected versions: 1.4.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8