JimuReport
Multiple dependency security vulnerabilities in JimuReport
Version:
1.5.2
Problem description:
Security vulnerability, recommend upgrading the dependency: CVE-2021-41862 Improper Neutralization Of Special Elements In Output Used By A Downstream Component ('Injection') MAVEN Summary All the versions of AviatorScript are vulnerable to code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).
{ "id": "CVE-2021-41862", "cwe": "CWE-74", "credit": null, "description": "All the versions of AviatorScript are vulnerable to code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).", "vulnerabilityType": "Disputed", "referencesData": [ { "comment": "", "type": "Advisory", "url": "https://github.com/advisories/GHSA-xpv2-8ppj-79hh" }, { "comment": "", "type": "Issue", "url": "https://github.com/killme2008/aviatorscript/issues/421" } ], "cvssList": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "integrityImpact": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "privilegesRequired": "NONE", "version": 3, "confidentialityImpact": "HIGH", "availabilityImpact": "HIGH", "score": 9.8, "severity": "High" } ], "publishDate": "2021-10-02T00:15:00Z", "score": 9.8, "severity": "High", "created": "2021-10-05T08:48:38Z", "cveName": "CVE-2021-41862", "updateTime": "2022-03-10T14:46:54Z", "affectedOss": [ "com.googlecode.aviator:aviator" ], "affectedPackageManagers": [ "Maven" ] }
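Error log & screenshots:
Steps to reproduce:
Friendly reminder (to improve issue-handling efficiency):
- JimuReport is a free reporting product; its features are free but the source code is not open;
- Posts that do not follow the required format will be deleted outright;
- For your issue, please provide the report design SQL script, or build a sample report on the official website and provide its ID;
- For issues that are hard to reproduce, please record a video of the operation or provide detailed reproduction steps;
Consolidated into #138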