Security Advisory

CVE-2019-17352

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-10-08 12:13:36

Last updated 2024-08-05 01:40:15

Assigner mitre

State PUBLISHED

Description

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.

← Browse all CVEs View on cve.org ↗