Last active
April 2, 2026 01:43
CVE-2024-43028
[CVE ID]
CVE-2024-43028

[PRODUCT]
JeecgBoot JimuReport

[Affected Product Code Base]
version >= 3.0.0 - version <= 3.5.3

[PROBLEM TYPE]
SSTI (Server-Side Template Injection)

[DESCRIPTION]
The JeecgBoot JimuReport component has an SSTI vulnerability on the /jeecg-boot/jmreport/getQueryInfo endpoint. Insufficient input validation leads to remote code execution via malicious FreeMarker templates.

Discovered by aqyoung
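A triage helper for the advisory above, added here as an example and not part of the original gist or of JeecgBoot: it checks a version string against the stated affected range and counts requests to the named endpoint in access logs. The combined log format, the function names and the sample lines are assumptions; the endpoint and version bounds come from the advisory.

```python
import re
from collections import Counter
from urllib.parse import unquote

ENDPOINT = "/jeecg-boot/jmreport/getQueryInfo"      # endpoint named in the advisory
AFFECTED_MIN, AFFECTED_MAX = (3, 0, 0), (3, 5, 3)   # inclusive range from the advisory

# Assumed format: ip - - [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def is_affected(version: str) -> bool:
    """True if the version falls inside the advisory's inclusive range."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    if not parts:
        return False
    parts += (0,) * (3 - len(parts))                # "3.4" is treated as 3.4.0
    return AFFECTED_MIN <= parts <= AFFECTED_MAX

def normalize(target: str) -> str:
    """Drop the query string, percent-decode and collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/")

def endpoint_hits(lines):
    """Count requests to the advisory endpoint per (client address, status)."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize(m.group(3)) == ENDPOINT:
            hits[(m.group(1), m.group(4))] += 1
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2024:10:00:01 +0000] "POST /jeecg-boot/jmreport/getQueryInfo HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Sep/2024:10:00:02 +0000] "POST /jeecg-boot//jmreport/getQueryInfo?x=1 HTTP/1.1" 500 87',
    '203.0.113.9 - - [01/Sep/2024:10:00:05 +0000] "GET /jeecg-boot/jmreport/list HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Sep/2024:10:00:09 +0000] "POST /jeecg-boot/jmreport/getQuery%49nfo HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for (ip, status), count in sorted(endpoint_hits(SAMPLE_LOG).items()):
        print(f"{ip} status={status} requests={count}")
```

Hits on an instance whose version is in range are a starting point for review of the request bodies, which access logs normally do not record.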