CVE-2024-40489

Published: Apr 1, 2026Modified: Apr 6, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

Affected (1)

Products: Jeecg: Jeecg Boot

Jeecg

1 product

Jeecg Boot

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jeecg Jeecg Boot	From 3.0 to 3.5.3

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0

Source: cve@mitre.org

Third Party Advisory

https://pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ug?pwd=sktp

Source: cve@mitre.org

Permissions Required

Timeline

No history available yet.