jeecgboot/jeecg

GitHub

github.com

www.jeecg.com

Releases0

Stars2.19K

JEECG是一款基于代码生成器的J2EE快速开发平台，开源界“小普元”超越传统商业企业级开发平台。引领新的开发模式(Online Coding模式(自定义表单) - > 代码生成器模式 - > 手工MERGE智能开发)，可以帮助解决Java项目90%的重复工作，让开发更多关注业务逻辑。既能快速提高开发效率，帮助公司节省人力成本，同时又不失灵活性。具备：表单配置能力（无需编码）、移动配置能力、工作流配置能力、报表配置能力（支持移动端）、插件开发能力（可插拔）

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-20948 ↗	Dec 27, 2021Monday, 27 December 2021, 21:15	7.5 HIGH	5 MEDIUM
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.
CVE-2020-23083 ↗	May 3, 2021Monday, 3 May 2021, 22:15	9.8 CRITICAL	7.5 HIGH
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload".