CVE-2020-21124
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
UReport2 is a high-performance pure Java report engine based on Spring architecture, where complex Chinese-style statements and reports can be prepared by iterating over cells.
GitHub