CVE-2023-41544: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

December 30, 2023 (updated January 3, 2024)

SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component.

References

github.com/advisories/GHSA-49jp-cghc-p5pj
nvd.nist.gov/vuln/detail/CVE-2023-41544
pho3n1x-web.github.io/2023/09/18/CVE-2023-41544%28JeecgBoot_SSTI%29/

Code Behaviors & Features

Detect and mitigate CVE-2023-41544 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →