CVE-2024-40489

{"id": "CVE-2024-40489", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-04-01T17:16:57.070", "references": [{"url": "https://gist.github.com/aqyoung/2fd6329ceb06b731a621356921f0d5f0", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://pan.baidu.com/s/14WOPXhRHoxr4FRKGme59ug?pwd=sktp", "tags": ["Permissions Required"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests."}], "lastModified": "2026-04-06T15:35:16.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jeecg:jeecg_boot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EAE49E3-CDA2-49D8-B812-910C2FCA0C21", "versionEndIncluding": "3.5.3", "versionStartIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}