CVE-2024-40489

Critical

Description

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

References

https://pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ug?pwd=sktp

https://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0

Details

Source: Mitre, NVD

Published: 2026-04-01

Updated: 2026-04-06

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00307