Jeecg Boot Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the Jeecg Boot framework, affecting versions from 3.0.0 up to but not including 3.5.3. It stems from inadequate filtering of user-supplied characters, which allows an attacker to execute arbitrary code on the affected component by sending specially crafted HTTP requests.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, send a crafted HTTP request to the '/jeecg-boot/jmreport/dictCodeSearch' endpoint of a Jeecg Boot application running a vulnerable version. The request must include injected FreeMarker templates that exploit the server-side template injection (SSTI) vulnerability, leading to remote code execution.
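As an added, defender-side example (not part of the original advisory and not Jeecg Boot project code), the following Python script implements the two checks a practitioner would want from the description above: whether a reported Jeecg Boot version falls inside the affected range 3.0.0 <= v < 3.5.3, and a scan of request records for FreeMarker template syntax aimed at the '/jeecg-boot/jmreport/dictCodeSearch' endpoint. The request-log format, the client addresses, and the `param` parameter name are constructed for this example; the advisory does not name the injected parameter.

```python
"""Defensive helpers for the Jeecg Boot jmreport SSTI issue described above.

Two checks a defender can run:
  1. is_vulnerable_version(): does a reported Jeecg Boot version fall in the
     affected range 3.0.0 <= v < 3.5.3?
  2. find_ssti_attempts(): scan proxy/WAF request records for FreeMarker
     template syntax sent to the dictCodeSearch endpoint.

The log format is constructed for this example, one request per line:
"<client_ip> <method> <path_with_query> <urlencoded_body_or_->"
"""
import re
from urllib.parse import unquote_plus, urlsplit

AFFECTED_MIN = (3, 0, 0)   # first affected version (inclusive), from the advisory
FIXED = (3, 5, 3)          # first fixed version (exclusive), from the advisory
TARGET_PATH = "/jeecg-boot/jmreport/dictCodeSearch"  # endpoint named in the advisory

# FreeMarker interpolation and directive markers (${ }, #{ }, <# >, <@ >, and the
# square-bracket variants). Their presence in user input to a template-rendering
# endpoint is the detection signal; no specific payload is needed.
FREEMARKER_MARKERS = re.compile(r"\$\{|#\{|<#|<@|\[#|\[@")


def parse_version(text):
    """Turn '3.5.1' (or '3.5.1-SNAPSHOT') into a comparable tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(text):
    """True if the version is in the affected range [3.0.0, 3.5.3)."""
    v = parse_version(text)
    return AFFECTED_MIN <= v < FIXED


def find_ssti_attempts(log_lines):
    """Return (client_ip, decoded_evidence) for requests that reach the
    affected endpoint with FreeMarker syntax in the query string or body."""
    hits = []
    for line in log_lines:
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue                      # malformed record, skip it
        ip, target = parts[0], parts[2]
        body = parts[3] if len(parts) == 4 and parts[3] != "-" else ""
        url = urlsplit(target)
        if url.path != TARGET_PATH:
            continue
        # Decode twice: double URL-encoding is a common way to slip past
        # filters that decode only once.
        for raw in (url.query, body):
            decoded = unquote_plus(unquote_plus(raw))
            if FREEMARKER_MARKERS.search(decoded):
                hits.append((ip, decoded))
                break
    return hits


# Constructed sample records (not real traffic). Only the third line carries
# template syntax against the affected endpoint; the fourth carries template
# syntax but targets a different path and must not be flagged.
SAMPLE_LOG = [
    "10.0.0.5 GET /jeecg-boot/jmreport/dictCodeSearch?param=sex -",
    "10.0.0.6 GET /jeecg-boot/sys/user/list?pageNo=1 -",
    "203.0.113.9 POST /jeecg-boot/jmreport/dictCodeSearch param=%24%7Bx%7D",
    "198.51.100.4 GET /other?q=%24%7Bx%7D -",
]

if __name__ == "__main__":
    for v in ("2.4.6", "3.0.0", "3.5.2", "3.5.3"):
        print(f"{v}: {'AFFECTED' if is_vulnerable_version(v) else 'not in range'}")
    for ip, evidence in find_ssti_attempts(SAMPLE_LOG):
        print(f"possible SSTI attempt from {ip}: {evidence}")
```

The marker regex deliberately keys on template syntax rather than on any particular payload, so it also catches probing that precedes a real attempt; pair it with the version check, since the only complete fix is upgrading to 3.5.3 or later.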

Added: Apr 1, 2026, 5:23 PM
Updated: Apr 1, 2026, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.0
remediation: 0.0
relevance: 5.1
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.