An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1yNm1nLWZxODctZ3czNM4AA3kb

Severity: High
EPSS: 0.00268% (0.50016 Percentile)

Cross-Site Request Forgery in JFinalCMS via /admin/tag/update

Affected Packages: maven:com.jfinal:jfinal
Affected Versions: <= 5.0.0
Fixed Versions: No known fixed version
Dependent packages: 151
Dependent repositories: 855

Affected Version Ranges

All affected versions

1.4.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 4.9.12, 4.9.13, 4.9.14, 4.9.15, 4.9.16, 4.9.17, 4.9.18, 4.9.19, 4.9.20, 4.9.21, 4.9.22, 4.9.23, 5.0.0

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update.

References: