GHSA-mfm8-63gh-gpv6CriticalCVSS 9.1
JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper...
🔗 CVE IDs covered (1)
📋 Description
JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute arbitrary code.