GHSA-8m24-3cfx-9fjw: sp1 has insufficient observation of cumulative sum

GHSA-j857-2pwm-jjmm: Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2021-37305

**Insecure Permissions issue in jeecg-boot**

Moderate severity GitHub Reviewed Published Feb 3, 2023 to the GitHub Advisory Database • Updated Feb 4, 2023

**Package**

maven org.jeecgframework.boot:jeecg-boot-base (Maven)

**Affected versions**

<= 2.4.5

Published to the GitHub Advisory Database

Feb 3, 2023

Published by the National Vulnerability Database

Feb 3, 2023

Headline

GHSA-4f48-qpch-4ppx: Insecure Permissions issue in jeecg-boot

ghsa: Latest News