Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.jflyfox/jflyfox_jfinal@5.1.0
Typemaven
Namespacecom.jflyfox
Namejflyfox_jfinal
Version5.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-db1h-6hd1-8fg1
vulnerability_id VCID-db1h-6hd1-8fg1
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
references
0
reference_url https://github.com/jflyfox/jfinal_cms/issues/54
reference_id
reference_type
scores
url https://github.com/jflyfox/jfinal_cms/issues/54
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30349
reference_id CVE-2023-30349
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-30349
2
reference_url https://github.com/advisories/GHSA-8qhm-ch8h-xgjr
reference_id GHSA-8qhm-ch8h-xgjr
reference_type
scores
url https://github.com/advisories/GHSA-8qhm-ch8h-xgjr
fixed_packages
aliases CVE-2023-30349, GHSA-8qhm-ch8h-xgjr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-db1h-6hd1-8fg1
1
url VCID-qwtz-y24w-bybw
vulnerability_id VCID-qwtz-y24w-bybw
summary 
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route.
references
0
reference_url https://github.com/jflyfox/jfinal_cms/issues/54
reference_id
reference_type
scores
url https://github.com/jflyfox/jfinal_cms/issues/54
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26812
reference_id CVE-2023-26812
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-26812
2
reference_url https://github.com/advisories/GHSA-gh24-c683-79r2
reference_id GHSA-gh24-c683-79r2
reference_type
scores
url https://github.com/advisories/GHSA-gh24-c683-79r2
fixed_packages
aliases CVE-2023-26812, GHSA-gh24-c683-79r2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwtz-y24w-bybw
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.jflyfox/jflyfox_jfinal@5.1.0