CVE-2019-1010202
Published
CVSS v3
N/A
CVSS v2
4
MEDIUM
Affected
1
PROJECT
Description
Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload a specially crafted xml file. The fixed version is: 4.0 and later.
👍Java 低代码, 轻量级, Spring Boot, MyBatis, Flowable, TypeScript, Vue, Antdv, 包括核心模块如:组织机构、角色用户、权限授权、数据权限、内容管理、工作流、Spring Cloud 微服务等。
GitHub