CVE-2024-40489

CRITICAL

jeecg boot 3.0.0-3.5.3 - Code Injection

Title source: llm

Description

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

Scores

CVSS v3: 9.8
EPSS: 0.0101
EPSS Percentile: 77.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-94
Status: published
Products (1): jeecg/jeecg_boot 3.0 - 3.5.3
Published: Apr 01, 2026
Tracked Since: Apr 01, 2026