CVE-2023-33510 org.jeecgframework.p3:jeecg-p3-biz-chat

Package

Manager: maven
Name: org.jeecgframework.p3:jeecg-p3-biz-chat
Vulnerable Version: >=0 <=1.0.5

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.72304 (percentile: 0.98707)

Details

Jeecg P3 Biz Chat allows remote attackers to read arbitrary files

Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.

Metadata

Created: 2023-06-07T21:30:18Z
Modified: 2023-06-16T17:55:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-v3v9-3jf4-5pxx/GHSA-v3v9-3jf4-5pxx.json
CWE IDs: ["CWE-668"]
Alternative ID: GHSA-v3v9-3jf4-5pxx
Finding: F017
Auto approve: 1