CVE-2020-19229

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0540%

EPSS Percentile40.21th

PublishedApr 5, 2022

Last ModifiedNov 21, 2024

Vulnerability Description

Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.

Affected Platforms (CPE)

📦

Jeesite

= 1.2.7

References & Advisories

🔗 https://github.com/thinkgem/jeesite/issues/490

Related Vulnerabilities

CVE-2019-10102026.5

Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: conver...

CVE-2019-10102016.5

Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByB...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...