Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-279p-pc38-xx4p: JFinal file validation vulnerability

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.

ghsa
#vulnerability#js#git

JFinal file validation vulnerability

High severity GitHub Reviewed Published May 25, 2022 • Updated May 25, 2022

ghsa: Latest News

GHSA-vm62-9jw3-c8w3: Gogs has an argument Injection in the built-in SSH server