CVE-2020-20948

HIGH

Jeecg - Exposure to Wrong Actor

Title source: rule

Description

An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.

References (1)

Scores

CVSS v3 7.5
EPSS 0.0052
EPSS Percentile 66.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-668
Status published

Affected Products (1)

jeecg/jeecg

Timeline

Published Dec 27, 2021
Tracked Since Feb 18, 2026