CVE-2019-1010202
N/A
N/A
Summary
Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload a specially crafted xml file. The fixed version is: 4.0 and later.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jeesite | Jeesite | 1.2.7 [fixed: 4.0 and later] | affected |
Weaknesses
- XML External Entity (XXE)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.